Sunday, May 20, 2012

Adobe's fix for Photoshop CS5 security issue? Buy Photoshop CS6


Way to alienate a loyal customer base, Adobe.

Earlier this week we reported on how users of a bunch of Adobe products, including Photoshop CS5 and earlier, were being warned about serious security issues.

In the case of the Windows and Mac versions of Adobe Photoshop, a vulnerability exists in version CS5 and earlier that could be exploited by a malicious attacker who tricks you into opening a boobytrapped .TIF file in order to take control of your computer.

That's a very serious problem. So, you would imagine that users would be rushing to download the security patch. Right?

Wrong.

Because the only fix that Adobe is making available is for users to upgrade to the latest version of Adobe Photoshop CS6. And that's going to cost users $199 or more. (If you aren't eligible for the upgrade, it will cost $600.)

Ouch.

Adobe's advice - pay up

And it's a similar story for Windows and Mac users of Adobe Illustrator CS5.5 and earlier, and Adobe Flash Professional CS5.5 (11.5.1.349) and earlier. In each case, Adobe's answer is for you to pay a not inconsiderable amount of money to update to the next major version of the product in order to benefit from the security fix.

Sure enough, social networks and online forums are buzzing with posts from disgruntled users - angry that they are having to shell out hundreds of dollars for something which is, after all, Adobe's fault.

Adobe meanwhile tells users to "exercise caution" over what files they open with their applications, if they aren't prepared to pay for the upgrade.

What a PR disaster for the company.

At first when I heard the news I thought there must be some mistake. Maybe Adobe's security advisories had been worded poorly and although upgrading - for example, to Photoshop CS6 - would fix the vulnerability, the firm would also roll out a free patch to users of earlier versions.

But no. Judging by a report from H-Online, Adobe has no plans to publish a free security fix.

Adobe's view is that because Photoshop "has historically not been a target for attackers" the risk level doesn't make it worthwhile to produce a fix that users don't have to pay for.

Maybe Adobe customers who feel nervous opening .TIF files will judge the level of risk for themselves, and prefer to seek alternatives from companies that take better care of their users.
