updated 10:36 am EDT, Sun May 13, 2012
Eight security matters need patching
After facing backlash and scrutiny following an announcement that it wasn't going to fix critical security bugs in the two-year-old version Creative Suite 5 or the year-old v5.5, Adobe security response team detailed plans to fix the problems on Saturday. On May 8, Adobe's security note explaining the vulnerabilities said that the only fixes for the bugs was upgrading to the newly released Adobe Creative Suite 6 or being careful with image sources, a move that would essentially force users to upgrade immediately.
A post on the official blog marked the change, with no mention of last week's version of the announcement other than the date the bulletin was originally published. All mentions of the previous guidelines have been editorially purged from both the security bulletin's page as well as other Adobe product pages.
In regards to Adobe's failure to patch Creative Suite 5.5 applications, nCircle Security's Andrew Storms told Computerworld on Friday that for all the company has been doing to revise their face of security, "this just brings them right back into the dunce cap seat." One security hole exists in the handling of maliciously constructed TIFF files, conceivably allowing an attacker to take control of the computer after a stack overflow. Details of the other seven flaws are not known. [via Computerworld]