Picture this: Security flaw found in Photoshop
- April 30, 2007 2:48 PM |
- By Ian Johnson
Security company Secunia has issued a warning about what it calls a "highly critical" security hole in Adobe's popular Photoshop software.
Secunia said it has confirmed that the exploit affects Adobe Photoshop CS2 and Photoshop Elements 5.x. It is still trying to determine if it affects Photoshop CS3.
Portable network graphics (PNG) is a file format for saving digital images. It was developed as an alternative to GIF files. PNG is supported by many of the latest web browsers and graphics programs.
The security hole in the Adobe software, which was unpatched as of Monday afternoon, becomes an issue if Photoshop is used to open an infected PNG file. Malicious code contained in the file can then launch a buffer overflow attack. In a nutshell, this means an infected PNG file could be set up to run programs that could give a hacker remote access to a computer.
According to Secunia, "The vulnerability is caused due to a boundary error within the PNG.8BI Photoshop Format Plugin when handling PNG files. This can be exploited to cause a stack-based buffer overflow via a specially crafted PNG file."
Until a patch is released, a good defence would be to avoid using the affected versions of Photoshop to open PNG files unless you know they're from a trusted source.
All News blogs
- Universe hates Higgs boson, Chicago Cubs
- By John Bowman, CBCNews. A physicist working on the Large Hadron Collider doesn't think much of the theory that the universe is sabotaging the project to prevent the discovery of the Higgs boson. Might as well say that Nature hates... Continue reading this post
- Large Hadron Collider goes Back to the Future
- By Peter Evans, CBCNews.ca. Two respected physicists have put forward the theory that the Large Hadron Collider's stated aim of finding the Higgs boson might be so abhorrent to nature that mysterious forces are traveling back through time and sabotaging... Continue reading this post
- Multi-touch concept for desktops: 10/GUI
- By John Bowman, CBCNews.ca. I'm a fan of alternative ideas for human-computer interaction, so this video caught my attention. It shows an idea for a ten-finger touchpad interface and associated changes in the way a computer would handle multiple windows.... Continue reading this post