In early May, Adobe identified critical security holes in Photoshop and Illustrator, as well as Shockwave and Flash Professional, and advised users of the CS5 versions to upgrade to CS6, a solution that would cost users $199 per product to upgrade. At the time, Adobe issued a free security patch for Shockwave but not the other software.
Protests from users of the older software as well as the information security profession prompted Adobe to reverse course and agree to issue free security patches for CS5 versions of Photoshop, Illustrator, and Flash Professional when ready.
Well, on Monday, Adobe said the Photoshop and Illustrator patches were ready. The Photoshop patch fixes flaws that could lead to remote code execution in Photoshop CS5 and earlier versions for Windows and Macs: a use-after-free TIFF vulnerability, a buffer overflow issue, and a stack-based buffer overflow vulnerability in Collada .DAE file format. For Illustrator, Adobe issued a patch for six memory corruption flaws in Illustrator CS5 and earlier versions for Windows and Macs.
Apparently, the Flash Professional security patch is still being developed, since it was not issued with the Photoshop and Illustrator updates.