Available for both the Windows and Mac versions of Photoshop, Adobe has given this the status of a critical update.
If there are still those that believe serious security threats are the attributes of a particular platform, a recent advisory from Adobe should put that myth firmly to rest. Although no user is known to have yet been affected, Adobe has found that both the Mac and PC versions of Photoshop CS2 and CS3 contain “critical vulnerabilities” that could lead to an attacker taking control of a user’s system.
Apparently a malicious BMP, DIB, RLE or PNG file must be opened in Photoshop for this vulnerability to be exploited, with the delivery method seen as being that attacker’s best friend, an email attachment. Interestingly, using images as part of spam or attack-based emails is on the decline, according to Symantec, while Adobe’s own PDF format is increasingly being used.
The security updates for Photoshop CS3 can be applied with the application’s updater, while CS2 users have to manually download the patch and install it. Details and installation instructions are available on the Adobe site.