Adobe has confirmed that it will fix the security problems with Photoshop and other CS5.x packages, having originally suggested that a paid upgrade to CS6 was the only solution. The security concerns, raised by the company on May 8th, were rated as 'critical,' meaning it could 'allow malicious native-code to execute, potentially without a user being aware.' Despite this, the original solution raised in the company security bulletin was to upgrade to CS6, leaving CS5.x users vulnerable. The bulletin has now been updated.
Following us questioning the original approach, Adobe has issued this statement:
'We are in the process of resolving these vulnerabilities in Adobe Photoshop CS5.x, and will update this Security Bulletin once the patch is available. Users may monitor the latest information on the Adobe Product Security Incident Response Team blog at http://blogs.adobe.com/psirt or by subscribing to the RSS feed at http://blogs.adobe.com/psirt/atom.xml.'