Contrary to reports that Adobe had suggested users should pay for an upgrade to CS6 to patch a serious security hole, the company has now announced that it is "in the process of resolving these vulnerabilities" in versions CS5 and CS5.5 of its applications. The bug allows a maliciously designed TIFF file to cause a buffer overflow and act as a backdoor for malware, and it affects older versions of Photoshop, Illustrator, and Flash on both Windows and Mac.
The confusion seemingly came from the original wording of the Adobe product security bulletin, which stated that "Adobe Photoshop CS6 addresses these vulnerabilities" without mentioning that a security patch for older versions was being worked on. Users of CS5 and below were understandably outraged, claiming that that for Adobe to expect them to pay for updates to patch a security flaw dubbed as "critical" was unacceptable. This move should placate users of CS5, though earlier versions seem to have been left out for now. We'll let you know when the updated software hits, but in the meantime think twice before you open a TIFF.