ALARM Group ALERT - click for a description of ALARM, The Computing Alert System Alert Number:  071107-01 Alert Date:  07/11/07 Alert Title:  Adobe addresses vulnerabilities in Photoshop and Flash player Update-to:   None OS/Platform/Application:  Adobe Photoshop versions CS2 and CS3 Adobe Flash Player (all versions <9.0.47.0) Category:  ALERT Severity: MEDIUM Attention:  Adobe Photoshop and Flash player users

Summary:  On July 10 2007 Adobe released security bulletins pertaining to critical vulnerabilities in its popular Photoshop and Flash player products.  The most likely vector of exploit for the Photoshop vulnerability would be the opening of a malicious BMP, DIB, RLE or PNG file type.  The vector for Flash player would be the opening of a malicious SWF file.  Successful exploitation could result in the takeover of a vulnerable system.

Recommended Actions:   Adobe has provided software to address these vulnerabilities.  Photoshop users can apply an update to their current software and Flash Player users can upgrade to version 9.0.47.0; users of either software product are encouraged to read the security bulletins (links provided below) and apply the updates/upgrades at their earliest convenience.

ITS Actions:  N/A

Resources:

Adobe Photoshop security bulletin:
http://www.adobe.com/support/security/bulletins/apsb07-13.html

Adobe Flash Player security bulletin:
http://www.adobe.com/support/security/bulletins/apsb07-12.html