Making good on its promise to offer free updates for older versions of some of its most popular products, Adobe pushed out patches for its Photoshop and Illustrator products yesterday, fixing nine vulnerabilities, several which could allow remote code execution.
The update for Illustrator applies to both Windows and Macintosh versions of the CS5 15.0.x and CS5.5 15.1 product, fixing six separate memory corruption vulnerabilities. The Photoshop update fixes both Windows and Macintosh versions of the CS5 12.0 and CS5.1 12.1 product and addresses two buffer overflow vulnerabilities, one stack-based, which could lead to code execution.
Adobe fixed the Photoshop and Illustrator problems when the company released its Creative Suite 6 (CS6) software collection last month, yet failed to immediately address the issues of those who elected not to upgrade from its CS5 collection. Instead of releasing updates for the vulnerabilities – announced in early May – Adobe simply issued bulletins warning CS5 users about the vulnerabilities, hinting that the products could be patched by paying the $199 per product update price.
The move drew criticism from security researchers and Adobe soon had a change of heart, saying that it would work on resolving the vulnerabilities before updating the relevant security bulletins with the fixes Monday.