Accessibility
Adobe
Sign in Privacy My Adobe

Security bulletin

Security update available for Adobe Photoshop CS4

Release date: May 26, 2010

Vulnerability identifier: APSB10-13

CVE number: CVE-2010-1296

Platform: All Platforms

Summary

Critical vulnerabilities have been identified in Photoshop CS4 11.0.1 and earlier for Windows and Macintosh that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious .ASL, .ABR, or .GRD file must be opened in Photoshop CS4 by the user for an attacker to be able to exploit these vulnerabilities. Adobe recommends Photoshop CS4 customers update to Photoshop CS4 11.0.2, which resolves these issues.

Note: None of these issues affect Photoshop CS5.

Affected software versions

Adobe Photoshop CS4 version 11.0.1 and earlier for Windows and Macintosh

Solution

Adobe recommends Photoshop CS4 customers update to Photoshop CS4 11.0.2 using the instructions below.

To verify the version of Adobe Photoshop CS4 currently installed, choose Help > About Adobe Photoshop CS4 from the Adobe Photoshop menu bar. To check for updates, choose Help > Updates from the Adobe Photoshop menu bar.

Photoshop CS4 customers can also find the Photoshop CS4 11.0.2 update for Windows or Macintosh here:

Note: These issues do not affect Photoshop CS5.

Severity rating

Adobe categorizes these vulnerabilities as critical issues and encourages all customers to update their installations.

Details

Critical vulnerabilities have been identified in Photoshop CS4 11.01 and earlier for Windows and Macintosh that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious .ASL, .ABR, or .GRD file must be opened in Photoshop CS4 by the user for an attacker to be able to exploit these vulnerabilities. Adobe recommends Photoshop CS4 customers update to Photoshop CS4 11.0.2, which resolves these issues. Adobe also encourages all customers to follow security best practices by exercising caution before opening any unknown file or files from unknown sources, regardless of the application used to open the file.

Note: These issues do not affect Photoshop CS5.

Acknowledgments

Adobe would like to thank Gjoko Krstic of Zero Science Lab (CVE-2010-1296) for reporting these issues and for working with Adobe to help protect our customers.