Instead of developing a patch for the software, Adobe originally said that in order to fix the issue, users would have to upgrade their software to the newer CS6 version—something users would have to pay for.
But since then, and after complaints, bad press, and user backlash, Adobe has changed its tune. The company now says that it is in the process of developing a patch that won’t essentially force users to upgrade in order to fix the security vulnerability.
For a popular product that was just over two years old, providing a fix to address a serious security flaw its what customers deserve. And while Adobe may have originally tried to sneak by without addressing the issue and pushing users to upgrade to its new product, the company made the right move in the end.