http://www.v3.co.uk/v3-uk/news/2174307/adobe-criticised-handling-security-flaws
In its advisory, the company made no mention of a patch for Photoshop CS5 but rather noted that the vulnerability has been addressed in the recently-released Photoshop CS6 build.
In order to protect against the flaw, Adobe recommends that user pay to update their copies of Photoshop to CS6.
Those who are not able or unwilling to purchase the upgrade are being advised by the company to use best practices and exercise caution when opening unknown files.
The move has brought criticism from many customers and security experts who have accused the company of leaving users vulnerable to attack in an effort to increase uptake of CS6. Sophos senior technology consultant Graham Cluley said the move was a "PR Disaster" for Adobe.
"Adobe's view is that because Photoshop 'has historically not been a target for attackers' the risk level doesn't make it worthwhile to produce a fix that users don't have to pay for," Cluley said in a blog post.
"Maybe Adobe customers who feel nervous opening .TIF files will judge the level of risk for themselves, and prefer to seek alternatives from companies that take better care of their users."