Adobe Patches Security Flaws ... For a Price
The upgrades that patch the vulnerabilities cost as much as $249.
"The highest-priority vulnerabilities among those patched Tuesday is a group of five flaws in Shockwave that can be used to run malicious code on vulnerable machines," writes Threatpost's Dennis Fisher. "The update applies to both Windows and Mac machines and Adobe is recommending that users upgrade to version 188.8.131.525. The Shockwave bugs are rated as a priority 2."
"Windows users can tell if they have Shockwave installed by checking for an entry for the program in the Add/Remove Programs listing from the Windows Control Panel," writes Krebs on Security's Brian Krebs. "If you don’t already have this program, I’d recommend keeping it that way. I seem to have gotten along fine without it for several years now, and going without it just means one less buggy application to patch."
The H Security reports that all of the updates, aside from the one for Shockwave, will cost a significant amount of money to install. "It costs $199 to upgrade from a previous version to Photoshop CS6 alone, and this update is recommended by Adobe because it fixes several critical security holes," the article states. "The other upgrades, for Illustrator and Flash Professional, which close security holes are also exclusively available to paying customers."
If you don't want to pay for the upgrades ($249 for Illustrator and $99 for Flash Professional), Adobe's security bulletins simply advise that you "follow security best practices and exercise caution when opening files from unknown or untrusted sources."
In other words, good luck.