updated 09:45 am EDT, Thu July 12, 2007
Adobe has posted updates for two of its most used applications, addressing recently revealed security vulnerabilities. The most significant may be in Adobe's ubiquitous Flash Player, which could allow a remote user to hijack a computer by exploiting an input validation error. To expose themselves to this risk, users must run a malicious SWF file, which can be delivered via e-mail, the Web, and other means, according to the company's security bulletin. Mac OS vulnerabilities should be fixed in the 220.127.116.11 patch, which can downloaded manually or through the auto-updater.
The second set of vulnerabilities is in the company's professional graphics applications--Photoshop CS2 and CS3--and involves specific image types. The problems are less serious, however: while they still involve input validation exploits, they cannot be executed remotely. A user is affected by downloading contaminated BMP, DIB, PNG or RLE files, which must then be opened specifically through Photoshop. The issue is resolved in automatic updates for CS3, or manual patches for both CS2 and CS3.