Adobe pulls pay-for-patch, issues fix

By

Gaffe was a 'PR disaster'.

Adobe has backpedelled and patched a critical buffer overflow vulnerability affecting Photoshop, Flash Professional and Illustrator.

Adobe pulls pay-for-patch, issues fix

The software giant initially refused to issue emergency patches and instead demanded users shell out some $200 to upgrade products to its latest Creative Suite line which was unaffected.

The vulnerabilities (CVE-2012-0778, CVE-2012-2028 CVE-2012-2026) affected Windows and Mac platforms and allowed attackers to hijack systems if victims executed a malicious TIF file within the Adobe products.

Adobe reasoned that the likelihood that this would happen was low. Photoshop wasn't on the radar of attackers, it said, so concerned users should exercise due diligence.

“Adobe is not aware of any attacks exploiting this vulnerability,” Adobe said in its security bulletin.

Security experts quickly disagreed. Sophos scribe Graham Cluely hit out at Adobe and labelled the affair a “PR disaster for the company”.

”Maybe Adobe customers who feel nervous opening .TIF files will judge the level of risk for themselves, and prefer to seek alternatives from companies that take better care of their users.”

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?