Adobe Responds to Customer Complaints, Will Patch Older Software -- Redmondmag.com

Adobe Responds to Customer Complaints, Will Patch Older Software

By Chris Paoli
05/14/2012

Adobe is changing its mind about not offering security updates to older versions of its Creative Suite software.

On Friday, the company reversed course. That decision came after many customers and security pros had expressed outrage over Adobe's decision to not issue security patches for CS5 and CS5.5.

The issue started last week when Adobe released a security bulletin announcing two vulnerabilities in Photoshop 5 and earlier versions, five vulnerabilities in Illustrator 5 and earlier versions, and one vulnerability in Flash Professional 5.5 and earlier versions. All of the vulnerabilities could be exploited on both Windows and Apple machines. At the time, Adobe indicated that people would have to upgrade to CS6 to get the issues fixed, and an interim patch wasn't merited.

"In looking at all aspects, including the vulnerabilities themselves and the threat landscape, the team did not believe the real-world risk to customers warranted an out-of-band release for the CS5 and CS5.5 versions to resolve these issues," an Adobe spokesperson explained.

Andrew Storms, director of security operations for security firm nCircle didn't see the logic in this, especially since products like Adobe Photoshop 5 are less than two years old.

"What the heck is wrong with Adobe? It's not like Photoshop is a ninety-nine cent app, it costs hundreds of dollars to purchase," wrote Storms in a blog post. "And the risk for the bug in Photoshop is high; the exploit code has already been made public. These security tactics make Adobe software look like ransom ware."

Users shared a similar sentiment. A Hacker News commenter questioned the legality of Adobe's actions and asked if there was any legal actions that could be taken.

"I own a copy of CS5.5 that was purchased 5 months ago," wrote user nkurz. "I'm already frustrated at the cost of the CS6 upgrade. Now Adobe is publicizing a critical vulnerability in their software for which the solution is me paying them for that upgrade. This feels a lot like extortion…."

Due to the backlash, Adobe on Friday said that it was reversing its decision not to supply a security update.

"We are in the process of resolving the vulnerabilities addressed in these Security Bulletins in Adobe Illustrator CS5.x, Adobe Photoshop CS5.x (12.x) and Adobe Flash Professional CS5.x, and will update the respective Security Bulletins once the patches are available," according to an Adobe bulletin

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

Real-World Ransomware Recovery

Here's how I was (mostly) successful in recovering a family PC infected with malware.
Microsoft Launches Small AI Models Family Phi-3

Recognizing that bigger isn't always better, Microsoft has released its smallest open AI models to date, Phi-3.
Microsoft and OpenAI Continue Global AI Expansions

Microsoft and OpenAI each continued their global expansion this month, with the announcements of new infrastructure investments and service rollouts in new regions, like Asia and the Middle East.
Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.