Marco.org

Update: Adobe changed their mind and will patch CS5. Good.

What an awful move by Adobe:

Adobe released a security upgrade for Adobe Photoshop CS5 and earlier for Windows and Macintosh. This upgrade addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. …

Adobe has released Adobe Photoshop CS6, which addresses these vulnerabilities. For users who cannot upgrade to Adobe Photoshop CS6, Adobe recommends users follow security best practices and exercise caution when opening files from unknown or untrusted sources.

(Via Stephen Hackett.)

Note the euphemism, “released a security upgrade”: this is not an update, but a paid upgrade. This is not a “Security Bulletin”, it’s a giant middle finger.

In English: Photoshop CS5 will not be patched for this vulnerability. The only way to remain secure is to upgrade to Photoshop CS6 for $200.¹

My wife and I each bought copies of Photoshop CS5 two years ago, since we both use it for our professions. It is now unsafe for us to use this $700-each professional app, and the only responsible course of action is to pay another $200 each for an upgrade that we weren’t planning on buying because we were perfectly happy with the version we have.

Adobe’s message is clear: if you need or want to continue using Photoshop, the only responsible course of action is to buy every new version, which most Photoshop customers never needed to do before.

Maybe the right course of action is to stop using Photoshop. My wife can’t, so Adobe is just robbing her of $200. But I might be able to.

Update: Adobe changed their mind and will patch CS5. Good.