[lnanek]

It's a tough call for the company. They don't make money on old versions of Photoshop, they make money on selling the current version. Engineers may have long since all been assigned to working on the current version or later, or even switched companies. So if the fix required significant work you'd have to make some current product schedule slip to go fix an old product used by people who haven't bought the latest version and may never buy again. Do you put your resources into supporting your current and future buyers or put your resources into supporting old buyers who haven't upgraded and may not, just on the off chance it helps your reputation, and you get more buyers in general...it's an extra step of indirection that may lose the internal support to redirect the resources to fix the problem.

[SquareWheel]

And yet, it makes me lose immense trust in their company. Why should I buy the current version if I'll just have to update from a security exploit in one or two years?

[chii]

If the software is making you profit, it makes sense to buy.

If the software isn't then why are you paying money for it in the first place?

A software company survives on selling licenses, and although I understand the moral implications of selling a security update like this, I think they are justified if the fix costs a lot of resources.