Accessibility

Security bulletin

Security issues in Adobe Photoshop CS4 11.0.0

Release date: April 30, 2010

Vulnerability identifier: APSB10-10

CVE number: CVE-2010-1279

Platform: All

Summary

Critical vulnerabilities have been identified in Photoshop CS4 that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious .TIFF file must be opened in Photoshop CS4 by the user for an attacker to exploit these vulnerabilities. Adobe recommends Photoshop CS4 customers update to Photoshop CS4 11.0.1, which resolves these issues.

Note: These issues do not affect Photoshop CS5.

Affected software versions

Adobe Photoshop CS4 version 11.0.0

Solution

Adobe recommends Photoshop CS4 customers update to Photoshop CS4 11.0.1 using the instructions below.

To verify the version of Adobe Photoshop CS4 currently installed, choose Help > About Adobe Photoshop CS4 from the Adobe Photoshop menu bar. To check for updates, choose Help > Updates from the Adobe Photoshop menu bar.

Photoshop CS4 customers can also find the Photoshop CS4 11.0.1 update for Windows or Macintosh here:
Adobe Photoshop CS4 11.0.1 update for Windows
Adobe Photoshop CS4 11.0.1 update for Macintosh

Note: These issues do not affect Photoshop CS5

Severity rating

Adobe categorizes these vulnerabilities as critical issues and encourages all customers to update their installations.

Details

Critical vulnerabilities (CVE-2010-1279) have been identified in Photoshop CS4 that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious .TIFF file must be opened in Photoshop CS4 by the user for an attacker to exploit these vulnerabilities. Adobe recommends Photoshop CS4 customers update to Photoshop CS4 11.0.1, which resolves these issues. Adobe also encourages all customers to follow security best practices by exercising caution before opening any unknown file or files from unknown sources, regardless of the application used to open the file.

Note: These issues do not affect Photoshop CS5.

Acknowledgments

Adobe would like to thank Tavis Ormandy of the Google Security Team (CVE-2010-1279) for reporting the relevant issues and for working with Adobe to help protect our customers.