Adobe Decides: We Won’t Screw You This Time
In the wake of a flood of criticism, Adobe has decided to change course on the (non-) solution to their recently reported security vulnerabilities. Several days after their initial announcement, Adobe posted a new security bulletin stating that a patch is now in the works for the CS5.x versions of Photoshop, Illustrator, and Flash. No time-frame for completion of the patch is currently available.
On Tuesday, Adobe reported the existence of a security vulnerability in Photoshop CS5.x and other CS5 programs, but rather than providing a free patch for their flawed software, they suggested a $200 upgrade to the latest release.
In response to early critics, Adobe claimed that they did not believe that the security hole posed a real-world threat, as Photoshop is not a common target for hackers and no real-world exploits were known. Having announced the vulnerability, though, it’s hard to believe that Adobe expected the situation to remain unchanged. It is particularly troubling that the security flaw has been known since at least March 20, months before CS6 became available, and during that time, Adobe appears to have made no headway on addressing the problem.
Perhaps the most baffling part of this episode is that Adobe didn’t predict this PR nightmare. How could the company that recently gave us such an incredible new suite of multimedia cloud-programs for digital publishing not realize the power of the modern internet? While I am glad that Adobe has begrudgingly agreed to fix their design flaws, their initial stance points to a corporate management team that is remarkably out of touch with their customers and the modern world, a dangerous combination for any tech company.
