Adobe Illustrator Lets Hackers Compromise Your Machine!

Adobe products are very popular and if they're found with flaws, it means that a lot of machines are vulnerable. And if the recent Adobe-related bad news wasn't enough, other two vulnerabilities have been disclosed in Adobe Illustrator CS3. The flaws are related to PNG/BMP file processing, and let me tell you that they're not something to you should take lightly. Secunia experts have dubbed these vulnerabilities as highly critical, and I had to agree on the level of severity, after seeing what these could cause.

A vendor patch has been released to prevent malicious users abusing these vulnerabilities and remotely accessing an affected machine. The system could be compromised if a malicious user exploited the flaws. As Secunia informs, the vulnerabilities are caused due to input validation errors in PNG.8BI and BMP.8BI when processing PNG and BMP image files. These can be exploited to cause heap-based buffer overflows when e.g. opening a specially crafted .PNG or .BMP file. Specially crafted means malicious in this case, so don't panic - if you only use it with trusted files, then you shouldn't fear getting hacked via this program!

The CS3 version is affected, but knowing how developers recycle code, prior versions may also be affected as well. In any case, you can stay safe if you patch it up - there is no simple way to go around this, so that's why the vendor issued an advisory. There is no file that you can just install, follow a "next next next finish" installation process - there are more measures that you need to take. These are all described in the advisory for which I already provided a link, both for Macintosh users as well as for people who use Windows. I advise you to be careful and stick to the steps they recommend - doing otherwise might screw things up even worse!