Adobe patches 'critical' Photoshop CS4 vulnerability
Installing third-party Photoshop swatches, brushes and gradients from unknown sources could leave an open door for hackers.
Adobe has issued a security update for Photoshop CS4 to fix "critical" vulnerabilities in the image-editing software.
According to the company's latest security bulletin, users attempting to open some brushes, gradients and colour swatches in Photoshop CS4 could be leaving themselves vulnerable for attackers to take control of their systems. The latest CS5 generation of Photoshop isn't affected.
"Critical vulnerabilities have been identified in Photoshop CS4 11.01 and earlier for Windows and Macintosh that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system," the bulletin reads.
Adobe says users are only at risk if they open a malicious ASL, ABR or GRD file in other words, swatches, brushes and gradients. A wide range of third-party add-ons are available to download for Photoshop, allowing users to expand the software's abilities and add extra features.
Users of all versions of the software up to CS4 11.01 are advised to install the update, and Adobe also advises Photoshop users to be cautious when downloading or opening files from unknown sources.
To check which version of Photoshop is currently installed, select About Adobe Photoshop CS4 in the Help menu. The update is available in Windows and Mac OS X variants, and can be downloaded from the Adobe Support site.
Adobe credits Zero Science Lab's Gjoko Krstic for discovering and reporting the issue.
The IT Pro guide to Windows 10 migration
Everything you need to know for a successful transitionDownload now
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Software-defined storage for dummies
Control storage costs, eliminate storage bottlenecks and solve storage management challengesDownload now
6 best practices for escaping ransomware
A complete guide to tackling ransomware attacksDownload now