Adobe backpedals, will now patch software for free
Changes tune after customers, security pros condemned Adobe's advice to spend hundreds on upgrades to get fixes
Computerworld - After being pummeled by customers and security experts for telling users to spend hundreds of dollars on upgrades because it wasn't going to patch critical bugs in older versions of its software, Adobe has reversed course.
The company will now fix the eight vulnerabilities in the one-year-old Illustrator and Flash Professional CS5.5, and the two-year-old Photoshop CS5, an Adobe spokeswoman said via email late Friday.
There will be no charge for the updates.
A post by Adobe's product security response team to its official blog spelled out the change.
"We are in the process of resolving the vulnerabilities addressed in these security bulletins in Adobe Illustrator CS5.x, Adobe Photoshop CS5.x and Adobe Flash Professional CS5.x, and will update the respective security bulletins once the patches are available," the team wrote.
Neither the response team nor the Adobe spokeswoman gave a reason for the change, or even acknowledged the brouhaha prompted by the firm's earlier announcement.
Last week, Adobe said it would not quash the bugs -- one is in Flash Professional, two in Photoshop and five in Illustrator -- and told customers to upgrade to the Creative Suite 6 (CS6) editions if they wanted the patches.
Adobe launched CS6 last month.
The steep upgrade prices, however, triggered anger among users and incredulousness among security researchers.
"For all that they have been doing to revise their face of security, this just brings them right back into the dunce cap seat," said Andrew Storms, director of security operations at nCircle Security, in a Friday interview before Adobe changed its tune.
Upgrade prices for the three applications range from $99 for Flash Professional to $249 for Illustrator, while an upgrade to CS6 Design & Web Premium, the least-expensive edition that includes all three, costs $375.
On Saturday, Storms noted Adobe's reversal.
"So it looks like Adobe is going to patch Photoshop CS5 after all," Storms said on Twitter. "Maybe they listened to all the mad people?"
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts