Adobe patches 'critical' Photoshop CS4 vulnerability
Installing third-party Photoshop swatches, brushes and gradients from unknown sources could leave an open door for hackers.
Adobe has issued a security update for Photoshop CS4 to fix "critical" vulnerabilities in the image-editing software.
According to the company's latest security bulletin, users attempting to open some brushes, gradients and colour swatches in Photoshop CS4 could be leaving themselves vulnerable for attackers to take control of their systems. The latest CS5 generation of Photoshop isn't affected.
"Critical vulnerabilities have been identified in Photoshop CS4 11.01 and earlier for Windows and Macintosh that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system," the bulletin reads.
Adobe says users are only at risk if they open a malicious ASL, ABR or GRD file in other words, swatches, brushes and gradients. A wide range of third-party add-ons are available to download for Photoshop, allowing users to expand the software's abilities and add extra features.
Users of all versions of the software up to CS4 11.01 are advised to install the update, and Adobe also advises Photoshop users to be cautious when downloading or opening files from unknown sources.
To check which version of Photoshop is currently installed, select About Adobe Photoshop CS4 in the Help menu. The update is available in Windows and Mac OS X variants, and can be downloaded from the Adobe Support site.
Adobe credits Zero Science Lab's Gjoko Krstic for discovering and reporting the issue.
2021 Thales cloud security study
The challenges of cloud data protection and access management in a hybrid and multi cloud worldFree download
IDC agility assessment
The competitive advantage in adaptabilityFree Download
Digital transformation insights from CIOs for CIOs
Transformation pilotes, co-pilots, and engineersFree download
What ITDMs did next - and what they should be doing now
Enable continued collaboration and communication for hybrid workers