After outcry, Adobe says it will patch CS5

Adobe is partially reversing a decision not to patch flaws in Illustrator and Photoshop 5 and earlier following outcry from customers.

Adobe on Friday said it would now patch Creative Suite (CS) 5 products after initially suggesting that customers using CS5 products could deal with the flaws by upgrading to its recently released CS6.

The problem is that upgrading to the latest edition of Photoshop costs US customers US$199, and $337 for Australian customers. Upgrading from CS5.5 would cost Australian consumers $461, while any editions from CS4 and earlier would cost over $1,000 to upgrade.

An Adobe spokesperson told CSO Australia that the company’s security incident response team had not planned a patch for affected CS5, adding that it did not believe real-world risks warranted an ‘out-of-band’ patch.

The security flaws were rated as critical but were given a ‘Priority 3’ rating, meaning that applying the patch -- or in this case buying an upgrade -- was at the “discretion” of the user or admin because these were not historically targeted platforms, said the spokesperson.

That means that customers running these versions of software could upgrade if they wanted, but could live with the flaws if they did not wish to pay for the upgrade.

While Adobe said it was not aware of any attacks that exploit these bugs, it will be issuing a fix for a flaw in Photoshop for which a public proof-of-concept exploit has been made, The H Security reported.

Adobe is still finalising a timeline for the patches. 

• Tweet