Adobe Photoshop gets fixes for critical security vulnerabilities

Adobe has released security updates to address twelve critical vulnerabilities in Adobe Photoshop, Adobe Prelude, and Adobe Bridge that could allow attackers to execute arbitrary code on Windows devices.

In addition to the code execution vulnerabilities, an information disclosure bug was fixed in Adobe Reader Mobile for Android users.

The arbitrary code execution vulnerabilities are all ‘Out-of-bounds write’ and ‘Out-of-bounds read’ bugs in Windows versions that could allow arbitrary code execution in the security context of the logged-in user.

For users running as a standard Windows user rather than under an administrative account, the impact of these vulnerabilities is greatly restricted unless they are chained with another vulnerability that elevates privileges.

Adobe advises users to update the vulnerable apps to the latest versions to block attacks attempting to exploit unpatched installations.

APSB20-44 Security update available for Adobe Bridge

Adobe has released a security update for a critical vulnerability in Adobe Bridge that could allow remote code execution in the security context of the current user.

If the user has standard privileges on the Windows machine, the risk is significantly reduced.

Windows users should install Adobe Bridge 10.1.1 to fix this critical vulnerability.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
|---|---|---|---|
| Out-of-bounds read | Arbitrary code execution | Critical | CVE-2020-9675 |
| Out-of-bounds write | Arbitrary code execution | Critical | CVE-2020-9674, CVE-2020-9676 |

APSB20-45 Security update available for Adobe Photoshop

Adobe has published security updates for Photoshop CC 2019 and Photoshop CC that resolve out-of-bounds read and write bugs that could lead to remote code execution.

If the user has standard privileges on the Windows machine, the risk is significantly reduced.

Users should install Photoshop CC 2019 20.0.10 or Photoshop CC 21.2.1 to fix these important severity flaws.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Out-of-bounds read | Arbitrary code execution | Critical | CVE-2020-9683, CVE-2020-9686 |
| Out-of-bounds write | Arbitrary code execution | Critical | CVE-2020-9684, CVE-2020-9685, CVE-2020-9687 |

APSB20-46 Security update available for Adobe Prelude 

Adobe has released a security update for a critical vulnerability in Adobe Prelude that could allow code execution in the security context of the current user.

If the user has standard privileges on the Windows machine, the risk is significantly reduced.

Windows users should install Adobe Prelude 9.01 to fix this critical vulnerability.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
|---|---|---|---|
| Out-of-bounds read | Arbitrary code execution | Critical | CVE-2020-9677, CVE-2020-9679 |
| Out-of-bounds write | Arbitrary code execution | Critical | CVE-2020-9678, CVE-2020-9680 |

APSB20-50 Security update available for Adobe Reader Mobile

Adobe has released updates for Adobe Reader Mobile that address an ‘Important’ information disclosure vulnerability.

This vulnerability is caused by a directory traversal bug that could lead to the disclosure of information in the context of the user.

Android users should install Adobe Reader Mobile 20.3 to resolve this vulnerability.

| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
|---|---|---|---|
| Directory traversal | Information disclosure | Important | CVE-2020-9663 |


Source: BleepingComputer
