Adobe patches 'critical' Photoshop CS4 vulnerability


Adobe has issued a security update for Photoshop CS4 to fix "critical" vulnerabilities in the image-editing software.

According to the company's latest security bulletin, users attempting to open some brushes, gradients and colour swatches in Photoshop CS4 could be leaving themselves vulnerable for attackers to take control of their systems. The latest CS5 generation of Photoshop isn't affected.

"Critical vulnerabilities have been identified in Photoshop CS4 11.01 and earlier for Windows and Macintosh that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system," the bulletin reads.

Adobe says users are only at risk if they open a malicious ASL, ABR or GRD file in other words, swatches, brushes and gradients. A wide range of third-party add-ons are available to download for Photoshop, allowing users to expand the software's abilities and add extra features.

Users of all versions of the software up to CS4 11.01 are advised to install the update, and Adobe also advises Photoshop users to be cautious when downloading or opening files from unknown sources.

To check which version of Photoshop is currently installed, select About Adobe Photoshop CS4 in the Help menu. The update is available in Windows and Mac OS X variants, and can be downloaded from the Adobe Support site.

Adobe credits Zero Science Lab's Gjoko Krstic for discovering and reporting the issue.