OS X users who install certain versions of Adobe Creative Suite 3 may open up their computer to outside attackers due to a flaw in the installer. Adobe has published a Security Advisory detailing the steps that users have to go through to ensure that security is restored.
Adobe's Creative Suite 3 is extremely popular, and after the long wait for it to come out, many were thrilled to finally be able to install it. However, there is a flaw in the installation process that leaves the machine exposed to outside threats. Both those who plan to install CS3 and those who have already installed it should check to make sure their firewall is functioning properly.
The vulnerability is caused by installing Adobe Version Cue CS3 Server on some Mac systems. Adobe Version Cue CS3 Server is installed as part of the Adobe Creative Suite 3 Design Premium, Design Standard, Web Premium, and Web Standard editions. When Adobe Version Cue CS3 Server is installed on an OS X machine that has the firewall turned on, the installer automatically turns off the firewall in order to configure TCP ports 3703, 3704, 50900 and 50901, which allows controlled access to Adobe Version Cue CS3 Server through the Mac OS X firewall service. However, the installer never turns the firewall back on after installation is complete. This leaves the computer open to a potential security threat.
Adobe categorizes this as a critical issue and recommends that affected users manually reactivate their personal firewall settings on their Mac systems. If exploited, the vulnerability could compromise the security of the user's computer, potentially without the user being aware of it.
Fortunately, this flaw in the installer is simple to fix: turn the firewall back on after the installation process is complete. The setting can be found in the Sharing preference pane in System Preferences.