Adobe Reverses Course, Plans Free Updates for Illustrator, Photoshop, Flash Professional

Just a few days after the company announced that customers would have to pay for security updates to some of its popular products, Adobe officials backed off of that idea and announced that patches for flaws in Illustrator, Photoshop and Flash Professional would be provided after all.

Adobe patchesJust a few days after the company announced that customers would have to pay for security updates to some of its popular products, Adobe officials backed off of that idea and announced that patches for flaws in Illustrator, Photoshop and Flash Professional would be provided after all.

Last week, Adobe issued patches for a long list of vulnerabilities in Flash and other products, but it also issued advisories for Photoshop, Illustrator and Flash Professional, three of the company’s popular creative applications. Adobe did not release patches for those vulnerabilities, even though in the advisories the company said that the flaws could be used to take complete control of vulnerable machines and run arbitrary code. Instead, Adobe said that fixes for those bugs would be in the form of “paid upgrades.”

That drew a lot of criticism from security researchers, and late last week Adobe decided that it was probably a better idea to give customers the updates for free.

“We are in the process of resolving the vulnerabilities addressed in these Security Bulletins in Adobe Illustrator CS5.x, Adobe Photoshop CS5.x (12.x) and Adobe Flash Professional CS5.x, and will update the respective Security Bulletins once the patches are available,” Adobe’s Dave Lenoe, said in a blog post. 

Photoshop, Illustrator and Flash Professional are widely deployed in the creative industry and are used by professional graphic artists and others and not so much by consumers. Though these applications don’t have the massive install bases that Flash and Reader do and therefore aren’t key targets for attackers, the fact that the vulnerabilities in the apps are remotely exploitable and can be used to take complete control of victims’ machines makes them dangerous bugs.

Adobe did not say when the patches for these vulnerabilities will be available.

Suggested articles

Discussion

  • Anonymous on

    They sell you bug infested software and then want you to pay for them to make it bugfree, sound like the Volt of software to me.

  • Anonymous on

    Making the patches availabel is still important since to take advantage of the vulnerabilities, the bad guys probably just need to be writing for the original vulnerabilities in Flash player, not targeting Flash Pro, Illustrator or Photoshop specifically, which would be likely low interest due to smaller install base.

  • Anonymous on

    And what about those of us who are content not to use the latest version of Photoshop but are happy to go on using P/S 3?  I started with the original second version of Photoshop, upgrading every time until I finally realized that it takes too long to learn the changes.  I remembered that I have met old-time woodworkers who still use the first tools they ever bought . At age 73 I think I will just stop upgrading for the remainder of my picture taking life.

    Does that mean, with an old version of P/S I am somehow in danger?

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.