CBCnews

Picture this: Security flaw found in Photoshop

Security company Secunia has issued a warning about what it calls a "highly critical" security hole in Adobe's popular Photoshop software.

Secunia said it has confirmed that the exploit affects Adobe Photoshop CS2 and Photoshop Elements 5.x. It is still trying to determine if it affects Photoshop CS3.

Portable network graphics (PNG) is a file format for saving digital images. It was developed as an alternative to GIF files. PNG is supported by many of the latest web browsers and graphics programs.

The security hole in the Adobe software, which was unpatched as of Monday afternoon, becomes an issue if Photoshop is used to open an infected PNG file. Malicious code contained in the file can then launch a buffer overflow attack. In a nutshell, this means an infected PNG file could be set up to run programs that could give a hacker remote access to a computer.

According to Secunia, "The vulnerability is caused due to a boundary error within the PNG.8BI Photoshop Format Plugin when handling PNG files. This can be exploited to cause a stack-based buffer overflow via a specially crafted PNG file."

Until a patch is released, a good defence would be to avoid using the affected versions of Photoshop to open PNG files unless you know they're from a trusted source.

Comments

  •  
  •