| Another critical flaw found in Photoshop CS3 |
|
| by Stephen Withers | |
| Tuesday, 01 May 2007 | |
  
Featured Whitepaper
5 Best Practices for Smartphone Support
The flaw was discovered by 'Marsu', who found last week's flaw in Photoshop's handling of BMP and related files. iTWire's warning at that time ("It is also possible that Photoshop's routines for handling other types of files have similar flaws") has thus been borne out. The bug lies in the PNG.8BI plugin. Other software known to be vulnerable includes Photoshop CS2, Photoshop Elements 5 and Paint Shop Pro 11, but there could be others. Marsu has posted a sample exploit, so users should add PNG to the list of files types to be avoided unless they come from a trusted source. Although that exploit is coded specifically for Windows, nobody seems to be claiming that the Mac version of the plug-in doesn't contain the same vulnerability. There is an open source alternative to PNG.8BI: SuperPNG claims to be faster than Adobe's plug-in, as well as generating smaller PNG files. iTWire makes no comment on how secure it is, or its compatibility with recent versions of Photoshop.{moscomment} |
Tags
| < Next story in category | Previous story in the category > |
|---|
