Nsauditor Network Security Auditor - Advanced All-In-One Network Tools Suite!
  Recommended Product
Network Security Audit Software
Network Security Audit Software and Computer Security Tools
Download Learn More
Nsauditor Screencast
 
 
  Network Security Software
Network Bandwidth Monitor Network Bandwidth Monitor
NBMonitor tracks Internet bandwidth usage (upload and downloads) and shows process names initiated network connections...
Network Hardware Inventory Software Network Hardware Inventory Software
Nsasoft Hardware Software Inventory is a powerful network inventory software for home, office and enterprise networks...
BlueAuditor Monitors Mobile Devices in Wireless Network BlueAuditor Monitors Mobile Devices in Wireless Network
BlueAuditor is a wireless personal area network auditor and easy-to-use program for detecting and monitoring mobile devices in a wireless network...
Network Access Monitoring Network Access Monitoring
ShareAlarmPro allows easily perform network shares and folder monitoring, block unwanted users attempting to access secured shares...
Network Shares Monitoring Network Share Watcher
Monitors network folders permissions and identify shares which are violating company data access policy...
NetworkSleuth Network File Search Utili NetworkSleuth Network File Search Utiliy
NetworkSleuth is a network file searching utility, that allows you to quickly locate files across a network....
Product Key Finder Product Key Finder
Product Key Explorer enables you to quickly recover over 3000 popular software product keys from network computers...
Backup Key Recovery Crashed Drive Keys Recovery Backup Key Recovery Crashed Drive Keys Recovery
Backup Key Recovery retrieves product keys for Windows, MS Office, SQL Server, Adobe products and more than 2500 popular software products...
 
 

Network Security News

Adobe will issue free security patches for high-profile Creative Suite apps

May 12, 2012 | ITNews.com

Recent versions of Adobe Photoshop, Illustrator, and Flash Professional--the company's high-profile Creative Suite applications--have security vulnerabilities on both Mac and Windows platforms. Late Friday night, Adobe confirmed its plan to issue free patches to fix the problems in all three applications--a reversal of its previous strategy that would have forced users to pay for a CS6 upgrade in order to rectify the problems.

According to an Adobe spokesperson, "The team decided to make available patches for Photoshop CS5.x, Illustrator CS5.x, and Flash Professional CS5.x." The time frame for availability of those fixes is unclear. "We are still in the process of finalizing the timeline for the patches," the spokesperson said. "We will update the respective security bulletins once the patches are available."

Users can monitor the latest information on the Adobe Product Security Incident Response Team blog or by subscribing to the RSS feed.

Creative Suite security compromised

On Wednesday, Adobe had announced that security issues compromised Photoshop CS5 and earlier, Illustrator CS5.5 and earlier, and Flash Professional CS5.5 and earlier, according to information published on Adobe's security bulletin on the company's website.

The vulnerabilities in Photoshop could be exploited via opening malicious TIFF image files, Adobe said. It did not describe the possible attack methods targeting Illustrator or Flash Professional. According to Adobe, the security issues--which it characterized as "critical vulnerabilities"--could be exploited "to take control of the affected system."

All the reported security issues are classified as Priority 3, which in Adobe parlance means "...vulnerabilities in a product that has historically not been a target for attackers." In such cases, Adobe recommends that "administrators install the update at their discretion."

Adobe's website further stated, "For users who cannot upgrade...Adobe recommends users follow security best practices and exercise caution when opening files from unknown or untrusted sources."

Whereas yesterday that upgrade recommendation would have required purchasing the new CS6 versions, later in the evening, the company changed its mind and decided to issue free patches for CS5, as is customary with supported products.

In explaining its previous position earlier in the day, the Adobe spokesperson had said that since the vulnerabilities had been resolved with the new CS6 version, "no dot release was scheduled or released for Adobe Photoshop CS5. In looking at all aspects, including the vulnerabilities themselves and the threat landscape, the team did not believe the real-world risk to customers warranted an out-of-band release for the CS5 version to resolve these issues."

The spokesperson had further said that, "we are not aware of any exploits targeting any of the issues fixed..."

Decision sparks controversy

A number of security experts on Friday afternoon, among many others via Twitter and on their blogs, criticized Adobe's position.

"The general rule of thumb is that security patches should be issued for all products still considered in-support," said Rich Mogull, a security analyst at Securosis.com who expressed surprise at Adobe's initial decision. "I recently did some research on this and found no cases where an out-of-support product was issued security fixes..."

But Adobe CS4 and CS5 are still supported by the company. According to Mogull, not issuing a patch would be tantamount to "...breaking with industry convention and customer expectations. If the products are really out of support, then that's understandable. But their own site shows them still within an active support window. CS5 is only two years old."

Adobe launched CS5 in mid-April 2010, and CS5.5 in April 2011. Upgrade prices are as follows: Photoshop CS6 Extended, $399; Photoshop, $199; Illustrator, $249, and Flash Professional, $99. CS6 Design & Web Premium, which includes all three affected software packages, costs $375.

News of these security issues directly follows a week of massive Adobe software releases, including the company's Creative Suite 6 and the debut of its Creative Cloud subscription-based products and services.

View more news...

 
  Most Popular Articles
 
 
  Email Subscriptions
Enter Your Email to be Notified of Software Updates:

 
 
  Popular Searches
network security magazine network security auditor network security news network security software corporate network security network security systems home network security product key finder password recovery software Network Bandwidth Monitor Network Access Monitoring data access policy monitoring remote shutdown Network File Search key recovery Network Monitoring Computer Security Ethical Hacking Network Security Network Inventory Software Information Security
 
 
  Partner Sites
Network Security Auditor
Nsauditor is a complete networking utilities package that includes more than 45 network tools and utilities for network auditing, scanning,network connections monitoring and more. For more information, please visit:
www.nsauditor.com


Password Recovery Software
SpotAuditor is All-in-one password recovery program that offers administrators and users a comprehensive solution for recovering passwords and other critical business information saved in users' computers. For more information, please visit:
www.password-recovery-software.com

Product Key Explorer
Product Key Explorer quickly recovers and displays product key, including Windows 7 keys, Windows Vista key, Windows XP product key, Microsoft Office 7 product key, MS office 2010 key, Adobe Photoshop, Adobe CS5, CS4, CS3, SQL Server, Electronic Arts games and more than 3000 popular software products:
www.product-key-explorer.com/