Adobe has issued a security patch for its Adobe Photoshop CS4 software to plug “critical” vulnerabilities that expose users to code execution attacks with rigged image files.
The flaws affect both Windows and Mac OS X users. Adobe Photoshop CS5 is not affected by these issues.
The company only lists one CVE entry but describes the problems as vulnerabilities that could allow an attacker to take complete control of the affected system.
A malicious .ASL, .ABR, or .GRD file must be opened in Photoshop CS4 by the user for an attacker to be able to exploit these vulnerabilities.
The company is recommending that Photoshop CS4 customers update to Photoshop CS4 11.0.2, which resolves these issues.
Adobe also encourages all customers to follow security best practices by exercising caution before opening any unknown file or files from unknown sources, regardless of the application used to open the file.
