Adobe backs down, will patch old software for free
Posted on 14 May 2012.
Following Adobe's recent release of Creative Suite 6 and its statement that it will not be patching critical security vulnerabilities in previous versions of the popular software the suite includes, security experts and users have voiced their indignation.

According to Adobe, the users had either the option to upgrade to CS6 - and pay $375 for the upgrade - or to keep using CS5 and CS5.5 and "follow security best practices and exercise caution when opening files from unknown or untrusted sources."

"No dot release was scheduled or released for Adobe Photoshop CS5," a company spokeswoman explained the reason behind their decision. "In looking at all aspects, including the vulnerabilities themselves and the threat landscape, the team did not believe the real-world risk to customers warranted an out-of-band release for the CS5 version to resolve these issues."

But a day later, they changed their tune. Faced with a backlash from angry customers, Adobe bowed to the pressure and backpedalled on its original decision, deciding to patch the eight vulnerabilities in question free of charge.

"We are in the process of resolving the vulnerabilities addressed in these security bulletins in Adobe Illustrator CS5.x, Adobe Photoshop CS5.x and Adobe Flash Professional CS5.x, and will update the respective security bulletins once the patches are available," they stated.

They did not say how long it will take for the patches to be issued.


VPN protocol flaw allows attackers to discover users' true IP address

The team running the Perfect Privacy VPN service has discovered a serious vulnerability that affects all VPN providers that offer port forwarding, and which can be exploited to reveal the real IP address of users.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Tue, Dec 1st