back to article Adobe backs down, patches critical Photoshop CS5 hole

Adobe backed down on Friday and promised to release a fix for earlier versions of its Photoshop software after previously insisting users who wanted to safeguard themselves from a critical security vulnerability had to pay for an upgrade. A security flaw in Adobe Photoshop version CS5 and earlier means users could be exposed …


This topic is closed for new posts.
  1. Jeebus

    I believe the phrase is "In your damn face" get over it Adobe and patch your substandard everything.

  2. Alan Bourke

    Adobe in money-grasping asshholery debacle?

    Quelle surprise.

  3. Anonymous Coward
    Anonymous Coward

    They can't really say that you should be careful what you open with PS. On my system, PS set itself up as the default to open everything, even including things like BMP, which no one would ever use for fotos! If someone sent me a TIFF file, it would be PS that opens it.

    However, on the subject of support from Adobe, I am not surprised. Bugs don't tend to get fixed and their general answer to most things is "pay more"; either upgrade to the higher cost version, or buy the newer version. It's as if they are trying to punish the people who actually buy the software :(

  4. Anonymous Coward

    Adobe love.

    Just shelled out the 300 sovs for my copy of CS6. Not only have they moved from two yearly to yearly updates, if you miss a version you end up paying even more than if you hadn't.

    Its basically subscription use by the back door (and oddly enough subscription use is what they would love us to all use).

  5. Adam Trickett

    They did shoot themselves in the foot

    If you have released a new version of a program, and security flaw is detected in older versions it's a judgement call as to how far back you go to fix it. I think everyone agrees that something that is only two years old and 1.5 versions older than the current version and is still widely available in the market should be patched. It was very foolish of them not to fix it, it made them looks cheap and made Microsoft look very good on Slashdot.

    They could have saved the pain and patched the older version and perhaps not going any further back would have been okay. Playing fast an loose with security flaws in an expensive piece of software is not he kind of publicity Adobe needs...

    1. BristolBachelor Gold badge

      Re: They did shoot themselves in the foot

      It's a bit disingenuous of them to say that CS5 is 2 years old. I bought Photoshop directly from Adobe less than a year ago. It was the latest version at the time; The box says Photoshop CS5 Extended. As far as I can tell, the next version released was "CS6" and that came out after bug was found, so actually CS5 was the current version.

      Now I don't know which version of Photoshop I actually have installed because it says that the version is 12.something! (Yay, way to go with useful version numbers!) I have gone to the Adobe website to try and find out, but not found anything useful (pointers anyone?).

      On the Adobe vulnerability page, it just says Photoshop 5.x (so is that PS 5 which is vulnerable, or PS 5.5 which El Reg says is not? Also there don't seem to be any updates at all for PS 5.5, even updates to Camera Raw which were released after the supposed release of PS 5.5!) It's not even mentioned on their Photoshop top-issues page

  6. Anonymous Coward
    Anonymous Coward

    Any chance of a CS4 patch too?

    Not all organisations can afford to fork out for the latest CS, (especially in the current climate, not at Adobes' prices) and probably wont be doing so for a time... are we going to remained screwed then?

    Piracy looking more and more attractive... again...

    1. Anonymous Coward

      Re: Any chance of a CS4 patch too?

      Can't fork out for the latest version?

      Certainly for the production bundles, the cost of missing a version is slightly higher than just upgrading every time. The only time this doesn't apply is if you fall so far behind that Adobe offer a time limited upgrade price as they did with CS3 a few months ago.

      And should you miss that final offer? Well you'll be buying a whole new version of the software at full price.

  7. jason 7 Silver badge


    ....not nice people to do business with.

  8. bigfoot780

    It does feel like m$ in the 90s. Adobe create bloat, charge a fortune for it. Poor code, little security.

  9. theblackhand

    Photoshop "has historically not been a target for attackers",

    They could have tried honesty - like:

    Adobe has historically not been able to provide any form of software that doesn't pose a security risk to your computer. As such, Adobe would like to retain the status quo.

  10. laird cummings

    Adobe: Crap product cattle-prod marketing

    Adobe salesman:

    "The older stuff is crap. Buy the new version or >KZZERT!<

    Oh, did that hurt? Well, better pay me soon or the pain will >KZZERT!<"

  11. Eradicate all BB entrants

    I am sure .....

    .... that at least one of the major motor vehicle manufacturers will use Adobe CS products. Just get them to send a note similar to the following.

    Dear Customer

    It has been discovered that if someone taps out the tune 'Lets play scratch and sniff with grandpa's butt' by the Fuknotz on certain panels of your vehicle this will enable the 'Ticking timebomb of flaming death'. This flaw once activated will mean that once the vehicle reaches 30mph it will immediately accelorate to 100mph and ignite all fuel onboard. Please note this only affect 2011 models and earlier. We have resolved this issue in the 2012 models and to fix your vehicle simply drive it to the nearest dealership and purchase a new model.

    We believe there is no risk to drivers of older models as no one knew of this flaw until it was made public last week.

    1. chris lively

      Re: I am sure .....

      Several manufacturers do just that.

      I have a Volvo. It was the first run of a new body style. The radio, nav, power seats and other electronics have issues. These were resolved in later models and most of which was handled by changes only in the software running in the car. However, the only "fix" is to buy a new car.

      Heck, there was a major engine part that was recalled in current year models, which failed in mine. Exact same physical part however a new part number was assigned. The only way to fix it was for me to pay for it. Apparently this is a pretty common thing to do in order to limit recalls.

      Maybe adobe should sell cars? :/

  12. Wile E. Veteran

    It's time

    Time to switch to the GIMP, Scribus and Inkscape instead of Photoshop, InDesign and Illustrator.

    Pay big bucks for crap products over and over again? Not this boy.

    Sure wish El Reg had a Gnu icon or a Beastie icon.

    1. Anonymous Coward
      Anonymous Coward

      Re: It's time

      I run my own graphic design business and about a year and a half ago my CS package was up for renewal. This happened at about the same time as I had a slump in commissions and I decided the free software route was the only viable option.

      Despite what Adobe would have you believe it's entirely possible to run such a business using things like Gimp, Inkscape, Scribus and myPaint. Unfortunately despite what the FOSS brigade would have you believe the software isn't anywhere near as mature as the commercial offerings. Realistically you're looking at almost a doubling of the time it takes to complete a project. Inkscape for example can be made to do the same stuff as Illustrator 9 times out of 10. The difference is I can do it in Illustrator with a few clicks in a pull down menu whereas in Inkscape it can require nearly a dozen individual steps.

      FOSS - worth looking into but no panacea.

      1. Anonymous Coward
        Anonymous Coward

        Re: It's time

        Hmm not wanting to sound contrary and it's been a while since I used illustrator but I found inkscape so quick and easy to use compared to using Illustrator. The only real hassle was colouring in arrow heads when using coloured lines but I just run the built in command on all the lines at once at the end.

        Gimp 2.8 in single window mode is also remarkably easy. Easier to use than PS until you start getting into some of the more hardcore functions.

      2. RAMChYLD

        Re: It's time

        Sadly tho, I agree with this. The Gimp is quite easy to use for most part (some stuff takes some adjusting, but I can cope). But when it comes to fancy stuff like adding drop shadows to text or even just simple text outlines, pain ensues. Adding drop shadows or outlines to text only takes a few clicks of a mouse in PS5. In Gimp, either one requires half a dozen steps which always ends with a rigorous swiping of the mice with a paintbrush, or another few dozen clicks with the paint bucket.

        And don't get me started on creating circling text, which wasted half of my day (though this is mostly caused by outdated tutorials confusing the sanity out of me).

        Still, I've mostly warmed up to Gimp since I don't deal with text much. Just that it's a real chore when I do end up needing to apply effects to text.

        1. Dan 55 Silver badge

          Re: It's time

          If it's escaped your attention, GIMPShop is GIMP with Photoshop's UI. Could be useful if you want to convert.

          1. Adam T

            Re: It's time

            I have to say, I've tried Gimp, and tried it again several times over the years hoping it would get better, and it just can't match the productivity of Photoshop. It's not just the UI, it's speed and workflow. Gimp in that respect is sadly aptly named. But there is a huge hole just sitting there for someone to make a real contender to Photoshop; not just for geeks, but for the Pro world in general.

      3. Anonymous Coward

        Re: It's time

        If it's taking you twice as long that's a bad thing.

        One of the biggest mistakes any one man band business can make is to assume the owners time is free.

        1. Anonymous Coward
          Anonymous Coward

          Re: It's time

          I'm well aware my time isn't free which is why I've gone back to PhotoShop and illustrator (though I'm still using myPaint instead of Corel Painter). At the time a hit to my workflow speed seemed preferable to spending money my business didn't have on expensive software (piracy isn't an option).

          To the AC who mentioned inkscape, try doing a perspective manipulation on a path, then try to edit that perspective distortion after having done something else. The amount of steps you have to go through compared to illustrator is painful.

    2. Dire Critic

      Re: It's time

      Urggghh, GIMP and Inkscape: the graphics equivalent of pulling teeth.

      NB: The version of Photoshop that comes with CS5.5 is actually PS 5.1, not 5.5 at least it is on my 2 grand's worth of CS5.5 Master Collection.

      And I'm sure my accountant is going to have a thromb when I tell him that another 2 grand is going on CS6. Yet that is still preferable than using the FOSS equivalents,

      Having said that though, Adobe software is the only reason I'm running Windows. Should they branch out into Linux them I'll be there like a shot.

  13. asdf Silver badge

    Adobe malware

    Honestly short of the java run time there is little supposedly "legitimate" software you could put on your computer to put it more at risk stability and security wise. If I had to run Adobe software I would probably be looking to sandbox or put it in a vm especially if I used the computer for banking etc.

    1. asdf Silver badge

      Re: Adobe malware

      Stop Java fanbois and don't make me post all the critical vulnerabilities that have been found in Java the last few years. Java VM is darn useful for many things but most home desktop users are better off without it.

      1. Robert Carnegie Silver badge

        Re: Java malware

        Well, Java vulnerabilities usually became public when Sun or Oracle released a free update with the vlunerability patched, and therefore not vulnerable any more.

        Even so, I wouldn't want to run Java with every web site out there, no. Nor Flash.

  14. Anonymous Coward
    Anonymous Coward

    Lousy way to treat customers

    Now, on the risk of comparing apples and oranges... I'm passionate about electronic music / sound design and synthesizers (basically sound synthesis) in general. To that end I picked up some gear and software, my 'studio' is basically build around 'Ableton Live (Suite) 8'. It doesn't come cheap; for the Suite version (the full boxed version which contains everything) you normally pay around E 700,-.

    The major difference otoh... I stepped onto the Ableton bandwagon 2 years ago (december 2010), picked up version 8.0.3. (or close enough). Right now they're on 8.3; the latest /update/ was released on the 2nd of April 2012. From 8.0.3 back in 2010 to 8.3 this year. And users never had to cough up any extra cash.

    "Just updates" ? Not even that... If you're interested check the release notes. New features were also added along the way.

    I know; comparing apples and oranges. But even so; that is IMO the way to do it and how you treat your userbase seriously. It seems that the bigger the company the lousier the service tends to be.

    1. Adam T

      Re: Lousy way to treat customers

      I've had similar experiences with Pixologic and ZBrush I bought ZBrush 3 back in 2006, and they've not charged any of their users for a single upgrade (Zbrush 4R3 was released this year).

      The net effect? They continue to sell new seats (the price is excellent value), they have no piracy issues, and their community forums are bustling with activity rather than angry people - their users absolutely love them.

      Sure you can't expect a huge company like Adobe to give their software versions away for free, they have massive overheads in comparison, but they can at least afford to be honest and if anything give their users great value. Adobe are complete and utter knob heads, they really are, if they think being scrooges is better for business than being generous and respectful.

  15. Adam T
    Thumb Down

    $199 != £124 in Adobe Land

    "If that wasn't good enough then an upgrade to Adobe Photoshop CS6 would do the trick, at a cost of $199 (£124) or more"

    Actually, it's £190.80 inc vat. Thieving bastards.

    1. Richard Cranium

      Re: $199 != £124 in Adobe Land

      Adobe have long suffered from the belief that £1=$1.

      A while back when the true calculation was closer to £1=$2 I tried to buy some Adobe software from a US source. Even if I used the shipping address of a friend in US I couldn't do it with a UK credit card. However I had a client in US and traded some work for him for the software I needed.

      Perhaps someone with a UK version could confirm that Adobe have invested man-years of developer effort into translating the US mis-spellings into UK English (color/colour for example) hence justifying the price differential.

      Want to see a worse Adobe rip-off? Acrobat X-Pro in US is $400 in UK £478, that would be $768 (Amazon prices)

      1. Adam T

        Re: $199 != £124 in Adobe Land

        Yeah, they're not alone either - Autodesk have the same strategy of setting "market-bearing" pricing.

        There's a few (but not nearly enough) disgruntled users on the Creative Cloud forum bitching about this, and Adobe's official response is that we're paying for the additional out-reach needed to do business "over here". Apparently that includes seminars and such - funny, because I've never been to and never want to go to an Adobe seminar, and the thought that I'm paying for them pisses me off even more. They're liars, plain and simple.

  16. Baroni


    They are the worst at being money-sucking greedsters. I was recently trying to figure out which renamed "suite" would upgrade my old one, and it's incredibly annoying to pick through their marketing schemes. I even made the mistake of using the web chat, where the guy kept using my first name at the beginning of every sentence (which got creepy and robotic) and telling me he thought I should upgrade NOW because it would meet all of my needs. He never asked what they were.


  17. Roger Stenning

    I will allow...

    ...that developing such software costs a shitpot load of money (my bettter half is a professional programmer), and that they have to recoup their development costs somehow, but when you charge £651.97 ( price, just Googgled it) for a software package, IMNSHO, you bloody well SHOULD throw in free updates for a few years - especially when it's not just businesses that use the damn thing.

    The cost reason was the push I needed to say "No way" to Adobe, and go the GPL route instead. I will freely admit that there are things that can be done easily in Photoshop, that are a right royal PITA to do in GIMP, but at least I haven't had to shell out a week and a half in wages to use a half-decent package.

    As to text effects, yes they're difficult with GIMP, when compared to PS, but they can be done.

    GIMP. It does the job. You have to work at it, but it does the job.

  18. jason 7 Silver badge

    Sounds to me like...

    ...the GIMP is 85% of the way there and just needs a concerted push on a few aspects to make it a real contender.

    It doesn't sound like the issues folks have with it are too different or particularly new.

    Are Adobe paying the GIMP folks to keep it ...gimped?

    1. Adam T

      Re: Sounds to me like...

      Well it depends what you do with it. I don't do text effects, I do pretty complicated texture artwork and painting.

      Of course I make money from it so cost isn't the issue; it's the principles. If someone makes a commercial photoshop app that can beat it at it's own game, I'll be the first in line if they can restrain themselves from taking the piss every 12 months.

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019