Adobe released a security upgrade for Adobe Photoshop CS5 and earlier for Windows and Macintosh. This upgrade addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. A malicious .TIF file must be opened in Photoshop CS5 and earlier for Windows and Macintosh by the user for an attacker to be able to exploit these vulnerabilities. Adobe is not aware of any attacks exploiting these vulnerabilities against Adobe Photoshop.
Adobe has released Adobe Photoshop CS6, which addresses these vulnerabilities. For users who cannot upgrade to Adobe Photoshop CS6, Adobe recommends users follow security best practices and exercise caution when opening files from unknown or untrusted sources.
To be clear, Photoshop CS5 has a security issue that allows remote control of a system via a malicious image file, and Adobe’s only solution is for users to pay to upgrade to CS6.
CS6 was released this week. If it hadn’t been, I’m sure CS5 would have gotten the patch.