News

Emergency Update Addressed Multiple Adobe Photoshop Vulnerabilities

Adobe have issued an out-of-band update right after the Patch Tuesday update bundle. This update addressed multiple vulnerabilities across different products, including critical vulnerabilities in Adobe Photoshop.

Adobe fixed five different critical severity vulnerabilities in Adobe Photoshop. As stated in their advisory, the bugs included two out-of-bounds read flaws (CVE-2020-9683, CVE-2020-9686) and three out-of-bounds write flaws (CVE-2020-9684, CVE-2020-9685, CVE-2020-9687).

When exploited, these bugs could allow an attacker to execute arbitrary codes on the target system in the context of the current user.

The vulnerabilities affected Adobe Photoshop CC 2019 version 20.0.9 and earlier and Photoshop 2020 version 21.2 and earlier.

Adobe subsequently patched the flaws with the release of Photoshop CC 2019 v.20.0.10 and Photoshop CC v.21.2.1.

Alongside Photoshop, Adobe also addressed bugs in other products.

Precisely, they addressed four different critical severity bugs in Adobe Prelude. These include two out-of-bounds read vulnerabilities (CVE-2020-9677, CVE-2020-9679), and two out-of-bounds write flaws (CVE-2020-9678, CVE-2020-9680). All these bugs could allow arbitrary code execution to an attacker. Adobe fixed them with the release of Adobe Prelude 9.0.1 for Windows and macOS.

Also, they fixed three critical vulnerabilities in Adobe Bridge by releasing the product version 10.1.1.

The vulnerabilities in all these products caught Adobe’s attention after Mat Powell of Trend Micro ZDI reported about them.

Besides, following the report of a researcher with alias fatal0, Adobe patched an important severity directory traversal flaw in Adobe Reader Mobile. When exploited, the vulnerability could lead to information disclosure. Adobe addressed the bug with the release of Adobe Reader Mobile v.20.3 for Android.

You Might Also Like