Adobe has confirmed that it will fix the security problems with
Photoshop and other CS5.x packages, having originally suggested that a
paid upgrade to CS6 was the only solution. The security concerns, raised
by the company on May 8th, were rated as 'critical,' meaning it could
'allow malicious native-code to execute, potentially without a user
being aware.' Despite this, the original solution raised in the company security bulletin was to upgrade to CS6, leaving CS5.x users vulnerable. The bulletin has now been updated.
Following us questioning the original approach, Adobe has issued this statement:
'We are in the process of resolving these vulnerabilities in Adobe
Photoshop CS5.x, and will update this Security Bulletin once the patch
is available. Users may monitor the latest information on the Adobe
Product Security Incident Response Team blog at http://blogs.adobe.com/psirt or by subscribing to the RSS feed at http://blogs.adobe.com/psirt/atom.xml.'
source: dpreview