Earlier this week, Adobe pushed out four security bulletins. While each bulletin warned of critical vulnerabilities existing in the software packages of Adobe Shockwave Player, Photoshop CS5.5, Illustrator CS5.5, and Flash Professional CS5.5, only the Adobe Shockwave Player received a patch to resolve the issues. The other programs, however, only recommend taking the path of a paid upgrade to Creative Studio 6 versions of the products as their CS6 counterparts resolve the issues. Adobe CS6 just shipped earlier this week.
If you can’t afford to pay for the upgrade, Adobe recommends being careful.
Adobe has released Adobe Photoshop CS6 (paid upgrade), which addresses these vulnerabilities. For users who cannot upgrade to Adobe Photoshop CS6, Adobe recommends users follow security best practices and exercise caution when opening files from unknown or untrusted sources.
Adobe CS6 products were released Monday, May 7th and the security bulletins for CS5.5 products were posted on Tuesday, May 8th. There’s nothing convenient about that but should help Adobe push a few more paid upgrades.
Meanwhile, if you have Shockwave Player, you should update to version 11.6.5.635 from: http://www.adobe.com/products/shockwaveplayer/shwv_distribution3.html
Adobe seems to have heard the complaints of imposing paid upgrades for known security vulnerabilities and issued this statement in a new security bulletin:
We just updated the following Security Bulletins initially posted on Tuesday, May 8, 2012:
APSB12-10 – Security bulletin for Adobe Illustrator APSB12-11 – Security bulletin for Adobe Photoshop APSB12-12 – Security bulletin for Adobe Flash Professional
We are in the process of resolving the vulnerabilities addressed in these Security Bulletins in Adobe Illustrator CS5.x, Adobe Photoshop CS5.x (12.x) and Adobe Flash Professional CS5.x, and will update the respective Security Bulletins once the patches are available.
Users may monitor the latest information on the Adobe Product Security Incident Response Team blog at http://blogs.adobe.com/psirt or by subscribing to the RSS feed at http://blogs.adobe.com/psirt/atom.xml.