Adobe has apparently changed its mind about requiring customers to pay to get recent security patches for its Photoshop, Illustrator, and Flash Professional products.
The patches cover vulnerabilities that could let a remote user execute malicious code and take control of computers that are running the products.
A post to Adobe's security blog dated yesterday says the following:
We are in the process of resolving the vulnerabilities...in Adobe Illustrator CS5.x, Adobe Photoshop CS5.x (12.x) and Adobe Flash Professional CS5.x, and will update the respective Security Bulletins once the patches are available.
Users may monitor the latest information on the Adobe Product Security Incident Response Team blog at http://blogs.adobe.com/psirt or by subscribing to the RSS feed at http://blogs.adobe.com/psirt/atom.xml.
Adobe had originally said customers would need to pay to upgrade to the CS6 versions of the products to get the fix.
The company told CNET sister site ZDNet Australia earlier that "while Adobe did resolve these issues in the Adobe Illustrator/Photoshop/Flash Professional CS6 major releases, no dot release was scheduled or released for Adobe Illustrator/Photoshop/Flash Professional CS5 or CS5.5," and that "the team did not believe the real-world risk to customers warranted an out-of-band release to resolve these issues."
Adobe told ZDNet Australia that it wasn't aware of any attacks that were taking advantage of the security flaws, but the news site noted that there is "a working proof of concept for the Photoshop vulnerability in the wild, which could make it trivial for a hacker to launch a targeted attack on a user."
Rich Mogull, a security analyst at Securosis.com, told Macworld that a software maker not issuing security patches for products it still supports breaks with "industry convention and customer expectations. If the products are really out of support, then that's understandable. But [Adobe's] own site shows them still within an active support window." Macworld reported on the CS5.x fixes earlier today.
We've contacted Adobe for comment on the patches and will update this post if and when we hear back.