Adobe patches 'critical' Photoshop CS4 vulnerability
Installing third-party Photoshop swatches, brushes and gradients from unknown sources could leave an open door for hackers.
Adobe has issued a security update for Photoshop CS4 to fix "critical" vulnerabilities in the image-editing software.
According to the company's latest security bulletin, users attempting to open some brushes, gradients and colour swatches in Photoshop CS4 could be leaving themselves vulnerable for attackers to take control of their systems. The latest CS5 generation of Photoshop isn't affected.
"Critical vulnerabilities have been identified in Photoshop CS4 11.01 and earlier for Windows and Macintosh that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system," the bulletin reads.
Adobe says users are only at risk if they open a malicious ASL, ABR or GRD file in other words, swatches, brushes and gradients. A wide range of third-party add-ons are available to download for Photoshop, allowing users to expand the software's abilities and add extra features.
Users of all versions of the software up to CS4 11.01 are advised to install the update, and Adobe also advises Photoshop users to be cautious when downloading or opening files from unknown sources.
To check which version of Photoshop is currently installed, select About Adobe Photoshop CS4 in the Help menu. The update is available in Windows and Mac OS X variants, and can be downloaded from the Adobe Support site.
Adobe credits Zero Science Lab's Gjoko Krstic for discovering and reporting the issue.
Digitally perfecting the supply chain
How new technologies are being leveraged to transform the manufacturing supply chainDownload now
Three keys to maximise application migration and modernisation success
Harness the benefits that modernised applications can offerDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
The 3 approaches of Breach and Attack Simulation technologies
A guide to the nuances of BAS, helping you stay one step ahead of cyber criminalsDownload now