Adobe Patches Photoshop, Illustrator Flaws

By Ryan Naraine  |  Posted 2006-02-03 Print this article Print

The Web design and print publishing software maker pushes out an "important" security update to cover code execution flaws in the Adobe Creative Suite 2 product.

Web and print publishing software maker Adobe Systems has pushed out security patches to cover a potentially serious code execution flaw in the Adobe Creative Suite 2 platform.

The flaw, which carries an "important" rating, affects Adobe Creative Suite 2, Adobe Photoshop CS2 and Adobe Illustrator CS2 on both Windows and Mac OS platforms.

San Jose, Calif.-based Adobe is working on a plan release security updates on a monthly cycle, but a spokesman told eWEEK that this batch of patches is not part of the scheduled updates that will be implemented later this year.

According to a security bulletin from Adobe, the vulnerability could be exploited by malicious hackers launch security bypass, data manipulation and privilege escalation attacks.

"If exploited, this vulnerability could allow a hostile user to replace program files with malicious or harmful code that could read, write, or destroy sensitive data if subsequently run by a privileged user," Adobe warned.

To read more about Adobe releasing a fix for a flaw in Reader and Acrobat, click here. The flaw is caused due to insecure default file permissions being set on the installed files and folders. This allows any non-privileged users on the system to remove the files or replace them with malicious binaries.

Adobe said the vulnerability presents a risk for shared, multi-user systems. On such systems, the company said a hostile user could replace program files with dangerous code that would execute when subsequently run by a privileged user.

For advice on how to secure your network and applications, as well as the latest security news, visit Ziff Davis Internets Security IT Hub. The company warned that the malicious code could be used to read, write or completely destroy sensitive corporate data.

Adobe credited security researchers Sudhakar Govindavajhala and Andrew Appel of Princeton University for reporting the flaw.

The Adobe Creative Suite 2 is a print and Web publishing software that integrates imaging, illustration, stock photography and PDF file creation capabilities in one environment.

Click here to read more about Adobe plugging code execution holes in Reader and Acrobat. It includes Adobe Photoshop CS2 for image editing, Adobe Illustrator CS2 for drawing and illustration, Adobe InDesign CS2 for page layout, Adobe GoLive CS2 for Web design and Adobe Acrobat for client review and print output.

The software suite also features the Version Cue CS2 for file sharing and versioning, Adobe Bridge for file browsing and organizing and Adobe Stock Photos for royalty-free images.

Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel