Exploit code that could take advantage of a "highly critical" security flaw in the most recent versions of Adobe Photoshop has been published, a security researcher reported.
The vulnerability concerns the way Adobe Photoshop handles the processing of malicious bitmap files, such as .bmp, .dib and .rle. A malicious attacker could exploit the flaw to launch a buffer overflow attack. That buffer overflow would then allow the intruder to take over a user's system.
Although a security researcher has published code to demonstrate how to exploit the vulnerability, Secunia has yet to detect any malicious use of the code, said Thomas Kristensen, Secunia's chief technology officer.
"There are no active exploits out there yet, but any attacks will be limited," Kristensen said. "Photoshop is primarily used by advertising agencies and image editors and not a lot of private individuals."
Until Adobe Systems develops a fix, Secunia advises users to forgo opening bitmap files where the source of the file is not clear or verifiable.
A researcher named Marsu is credited with discovering the vulnerability.
Adobe, meanwhile, issued a statement saying it has been notified of the potential Photoshop security flaw and is investigating the issue.
C/Net is leaving out some critical information yet again.
Which PhotoShop platform does this affect?
Mac? Windows? or Both?
Of Adobe's total sales, slightly less than 50% are for the Mac platform. I don't know what it is just for PhotoShop alone.
Since the percentage of Mac to Windows is somewhat greater for PhotoShop users than the standard 5/95 ratio for computer users in general, you'd think the affected operating system would be mentioned at least once.
Three bitmap filetypes are mentioned, .bmp, .dib and .rle. Are these the only types affected? If so perhaps it's not such a big deal, especially for Mac users (if the exploit works on Macs too) as those aren't used that much in serious Photoshop work.
CNET conveniently forgets to mention it's a WINDOWS problem..!
What lame reporting CNET has done again, took me 2 clicks to find the truth about the exploit but CNET doesn't even bother to mention in the article what OS this exploit affects..
This is just an exploit example where "Marsu" chose to use Calc to prove it could run anything, yet make it harmless at the same time. Chances are "Marsu" hasn't even got a Mac to test it on...
http://milw0rm.com/exploits/3793
* This sploit runs calc.exe.
* Tested against Win XP SP2 FR.
* Have Fun!
CNET = "The National Enquirer"
doesn't, they forget to tell us what platforms it affects.
Next time, read your source.
Thanks
~vjp~