After being pummeled by customers and security experts for telling users to spend hundreds of dollars on upgrades because it wasn’t going to patch critical bugs in older versions of its software, Adobe has reversed course.
The company will now fix the eight vulnerabilities in the one-year-old Illustrator and Flash Professional CS5.5, and the two-year-old Photoshop CS5, an Adobe spokeswoman said via email late Friday.
There will be no charge for the updates.
A post by Adobe’s product security response team to its official blog spelled out the change.
“We are in the process of resolving the vulnerabilities addressed in these security bulletins in Adobe Illustrator CS5.x, Adobe Photoshop CS5.x and Adobe Flash Professional CS5.x, and will update the respective security bulletins once the patches are available,” the team wrote.
Neither the response team nor the Adobe spokeswoman gave a reason for the change, or even acknowledged the brouhaha prompted by the firm’s earlier announcement.
Last week, Adobe said it would not quash the bugs — one is in Flash Professional, two in Photoshop and five in Illustrator — and told customers to upgrade to the Creative Suite 6 (CS6) editions if they wanted the patches.
Adobe launched CS6 last month. The steep upgrade prices, however, triggered anger among users and incredulousness among security researchers.
“For all that they have been doing to revise their face of security, this just brings them right back into the dunce cap seat,” said Andrew Storms, director of security operations at nCircle Security, in a Friday interview before Adobe changed its tune.
Upgrade prices for the three applications range from $99 for Flash Professional to $249 for Illustrator, while an upgrade to CS6 Design & Web Premium, the least-expensive edition that includes all three, costs $375.
On Saturday, Storms noted Adobe’s reversal.
“So it looks like Adobe is going to patch Photoshop CS5 after all. Maybe they listened to all the mad people?” Storms said on Twitter.