Adobe backpedals, will now patch software for free
Changes tune after customers, security pros condemned Adobe's advice to spend hundreds on upgrades to get fixes
Computerworld - After being pummeled by customers and security experts for telling users to spend hundreds of dollars on upgrades because it wasn't going to patch critical bugs in older versions of its software, Adobe has reversed course.
The company will now fix the eight vulnerabilities in the one-year-old Illustrator and Flash Professional CS5.5, and the two-year-old Photoshop CS5, an Adobe spokeswoman said via email late Friday.
There will be no charge for the updates.
A post by Adobe's product security response team to its official blog spelled out the change.
"We are in the process of resolving the vulnerabilities addressed in these security bulletins in Adobe Illustrator CS5.x, Adobe Photoshop CS5.x and Adobe Flash Professional CS5.x, and will update the respective security bulletins once the patches are available," the team wrote.
Neither the response team nor the Adobe spokeswoman gave a reason for the change, or even acknowledged the brouhaha prompted by the firm's earlier announcement.
Last week, Adobe said it would not quash the bugs -- one is in Flash Professional, two in Photoshop and five in Illustrator -- and told customers to upgrade to the Creative Suite 6 (CS6) editions if they wanted the patches.
Adobe launched CS6 last month.
The steep upgrade prices, however, triggered anger among users and incredulousness among security researchers.
"For all that they have been doing to revise their face of security, this just brings them right back into the dunce cap seat," said Andrew Storms, director of security operations at nCircle Security, in a Friday interview before Adobe changed its tune.
Upgrade prices for the three applications range from $99 for Flash Professional to $249 for Illustrator, while an upgrade to CS6 Design & Web Premium, the least-expensive edition that includes all three, costs $375.
On Saturday, Storms noted Adobe's reversal.
"So it looks like Adobe is going to patch Photoshop CS5 after all," Storms said on Twitter. "Maybe they listened to all the mad people?"
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed . His email address is firstname.lastname@example.org.
Read more about Security in Computerworld's Security Topic Center.
- EndPoint Interactive eGuide In this eGuide, Network World, Computerworld, and CIO examine two endpoint trends - BYOD and collaboration - and offer tips and advice on...
- Mobile First: Securing Information Sprawl Learn how the partnership between Box and MobileIron can help you execute a "mobile first" strategy that manages and secures both mobile apps...
- Cybersecurity Imperatives: Reinvent your Network Security The Rise of CyberSecurity
- Surescripts Case Study- Securing Keys and Certificates Surescripts implemented Venafi's Trust Protection Platform™ to secure digital keys and certificates, ensure the privacy and confidentiality of electronic clinical information for its...
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities.
- Deep Dive into Advanced Networking and Security with Hybrid Cloud Security and networking are among the top concerns when moving workloads to the cloud. VMware vCloud® Hybrid Service™ enables you to extend your... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!