Exploit code released for Adobe Photoshop flaw

ChrisJChrisJ Registered Users Posts: 2,164 Major grins
edited April 30, 2007 in The Big Picture
"Exploit code that could take advantage of a "highly critical" security flaw in the most recent versions of Adobe Photoshop has been published, a security researcher reported."

Full article here: http://news.zdnet.com/2100-1009_22-6179485.html

Doesn't seem too serious, since most of us work with JPGs and RAWs. But worthy of a mention.
Chris

Comments

  • AndyAndy Registered Users Posts: 50,016 Major grins
    edited April 26, 2007
    someone not in the know wrote:
    "There are no active exploits out there yet, but any attacks will be limited," Kristensen said. "Photoshop is primarily used by advertising agencies and image editors and not a lot of private individuals."

    headscratch.gif
    Andy

    PortfolioWorkshopsFacebookTwitter
  • DavidTODavidTO Registered Users, Retired Mod Posts: 19,160 Major grins
    edited April 26, 2007
    thumb.gif

    Thanks for posting that!
    Moderator Emeritus
    Dgrin FAQ | Me | Workshops
  • dogwooddogwood Registered Users Posts: 2,572 Major grins
    edited April 26, 2007
    What's ironic about the "photoshop not used by many individuals" comment is that we have a group of graphic designers at my day job and of course there's nothing in the budget to buy them upgrades to CS3 (they're all using CS2).

    They're all doin' better than me though-- best I could squeeze out of my employer was a copy of Elements.

    Meanwhile, back at my home office, I was literally counting down the days to April 16th-- the day CS3 was released! As we all know, getting a big business to buy you all the latest software upgrades can like banging your head against a brick wall. It's usually the individuals who jump on the bandwagon first-- no purchase requests or "wait until fiscal year 2008" or IT permission required when it's your own box!
    Portland, Oregon Photographer Pete Springer
    website blog instagram facebook g+

  • ChrisJChrisJ Registered Users Posts: 2,164 Major grins
    edited April 26, 2007
    Andy wrote:
    headscratch.gif
    Ha, I completely missed that... guess I stopped reading that paragraph at "no active exploits...yet".
    Chris
  • cabbeycabbey Registered Users Posts: 1,053 Major grins
    edited April 26, 2007
    The actual exploit code released at milworm is windows binary, so the script kiddies can't attack macs yet. The underlying issue however is likley to impact both mac and windows, just needs someone with a clue (not a script kiddie) to do the deeper analysis of what's happening on the mac version of the code, and write the appropriate assembly into the mallicious bitmap generation code.

    (perhaps this should be moved to digital darkroom?)
    SmugMug Sorcerer - Engineering Team Champion for Commerce, Finance, Security, and Data Support
    http://wall-art.smugmug.com/
  • David_S85David_S85 Administrators Posts: 13,245 moderator
    edited April 26, 2007
    cabbey wrote:
    (perhaps this should be moved to digital darkroom?)

    No, since this thread is not computer hardware related. The issue is more about software, and of interest to potentially everyone.
    My Smugmug
    "You miss 100% of the shots you don't take" - Wayne Gretzky
  • cabbeycabbey Registered Users Posts: 1,053 Major grins
    edited April 26, 2007
    David_S85 wrote:
    No, since this thread is not computer hardware related. The issue is more about software, and of interest to potentially everyone.

    Huh, guess I never realized digital darkroom had that limited focus... I'd always thought of it as 'all things in the intersection of computers and photography'.
    SmugMug Sorcerer - Engineering Team Champion for Commerce, Finance, Security, and Data Support
    http://wall-art.smugmug.com/
  • David_S85David_S85 Administrators Posts: 13,245 moderator
    edited April 26, 2007
    With Adobe passing up CS2 users with their last ACR update, I wonder if CS2 might be forgotten about when they patch this exploit. I sure hope not.
    My Smugmug
    "You miss 100% of the shots you don't take" - Wayne Gretzky
  • wxwaxwxwax Registered Users Posts: 15,471 Major grins
    edited April 27, 2007
    David_S85 wrote:
    With Adobe passing up CS2 users with their last ACR update, I wonder if CS2 might be forgotten about when they patch this exploit. I sure hope not.
    Hah. They ignored CS with previous ACR updates. Ticked me off. My sense is that they do everything they can to push you to upgrade.
    Sid.
    Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum immane mittam
    http://www.mcneel.com/users/jb/foghorn/ill_shut_up.au
  • claudermilkclaudermilk Registered Users Posts: 2,756 Major grins
    edited April 27, 2007
    wxwax wrote:
    Hah. They ignored CS with previous ACR updates. Ticked me off. My sense is that they do everything they can to push you to upgrade.

    Oopsie...pushed me to look elsewhere. mwink.gif Now have a better converter & CS still works fine for me. I'll see if CS3 has enough to warrant the cost (unlikely).
    Chris
    http://www.chrislaudermilkphoto.com/
  • ChrisJChrisJ Registered Users Posts: 2,164 Major grins
    edited April 30, 2007
    Critical flaw found in Photoshop [PNG] plug-in
    "Security researchers have found a "highly critical" flaw in the portable-network graphics plug-in for the latest version of Adobe Systems' Photoshop Creative Suite, as well as for other versions of the software that run on Windows."

    Full article here: http://news.zdnet.com/2100-1009_22-6180180.html

    Not sure it rated a whole new thread...
    Chris
Sign In or Register to comment.