Copy link to clipboard
Copied
Did Adobe issue any patch or update to remediate Log4j 1.2.15 Vulnerability for the Photoshop CS5.1? According to the Tenable, my device has the Log4j vulnerability and my company's Security Department asked me to contact Adobe for any remedy. Any help/input is appreciated. Thanks!
For sure not. CS 5 support finished 5 years after release, in 2015. This vulnerability was reported 6 years after support ended, in 2021. If a company is concerned about security, a common policy is to forbid running EOL software, which will not get security fixes.
You need the company to get you a Creative Cloud subscription.
Copy link to clipboard
Copied
For sure not. CS 5 support finished 5 years after release, in 2015. This vulnerability was reported 6 years after support ended, in 2021. If a company is concerned about security, a common policy is to forbid running EOL software, which will not get security fixes.
You need the company to get you a Creative Cloud subscription.
Copy link to clipboard
Copied
That's what I figured. Thanks for your input! But do you know if the Log4j 1.x has any legitimate concern on CS5.1? I read in many Cold Fusion posts that it was not a vulnerability for Cold Fusion
Copy link to clipboard
Copied
It's imposssible to say because (1) only Adobe ever had the internal information to check whether the vulnerability could be exploited in Photoshop and (2) Adobe are not going to devote time to doing that for an EOL product.
Copy link to clipboard
Copied
Very true. Thanks again for your replies
Copy link to clipboard
Copied
CS5.1 will never be patched. It was version 12 released in 2010 and replaced by CS6 (version 13 in 2012).
The current CC version in May 2023 is v24.5
@Test Screen Name That is a very good point you make that is often not considered by those who say version (insert any very old version you want) meets their needs. It also leaves open some vulnerabilities.
Dave
Copy link to clipboard
Copied
Thanks for confirming this! I guess they will make me uninstall it and won't buy me a CC subscription ;(