Category: General|Jul 27, 2020 | Author: Admin

Emergency Update Addressed Multiple Adobe Photoshop Vulnerabilities

• adobe
• Adobe-Bridge
• Adobe-critical-vulnerability
• Adobe-patch
• Adobe-Patch-Tuesday
• Adobe-Photoshop
• Adobe-Photoshop-CC
• Adobe-Prelude
• Adobe-Reader
• Adobe-Reader-Mobile
• Adobe-Update
• Adobe-vulnerability
• arbitrary-code-execution
• bug
• code-execution
• permalink

Share on

 Facebook |  Twitter |  LinkedIn |  Reddit

Adobe issued an out-of-band update right after the Patch Tuesday update bundle. This update addressed multiple vulnerabilities across different products, including critical vulnerabilities in Adobe Photoshop.

Critical Adobe Photoshop Vulnerabilities Fixed Adobe fixed five different critical severity vulnerabilities in Adobe Photoshop.

 

As stated in their advisory, the bugs included two out-of-bounds read flaws (CVE-2020-9683, CVE-2020-9686) and three out-of-bounds write flaws (CVE-2020-9684, CVE-2020-9685, CVE-2020-9687).

 

When exploited, these bugs could allow an attacker to execute arbitrary codes on the target system in the context of the current user. The vulnerabilities affected Adobe Photoshop CC 2019 version 20.0.9 and earlier and Photoshop 2020 version 21.2 and earlier.

 

Adobe subsequently patched the flaws with the release of Photoshop CC 2019 v.20.0.10 and Photoshop CC v.21.2.1.

 

Other Adobe Out-of-Band Updates Alongside Photoshop, Adobe also addressed bugs in other products.

 

Precisely, they addressed four different critical severity bugs in Adobe Prelude. These include two out-of-bounds read vulnerabilities (CVE-2020-9677, CVE-2020-9679), and two out-of-bounds write flaws (CVE-2020-9678, CVE-2020-9680).

 

All these bugs could allow arbitrary code execution to an attacker. Adobe fixed them with the release of Adobe Prelude 9.0.1 for Windows and macOS.

 

Also, they fixed three critical vulnerabilities in Adobe Bridge by releasing the product version 10.1.1. The vulnerabilities in all these products caught Adobe’s attention after Mat Powell of Trend Micro ZDI reported about them.

 

Besides, following the report of a researcher with the alias fatal0, Adobe patched an important severity directory traversal flaw in Adobe Reader Mobile. When exploited, the vulnerability could lead to information disclosure.

 

Adobe addressed the bug with the release of Adobe Reader Mobile v.20.3 for Android. For all the vulnerabilities, Adobe confirmed no active exploitation in the wild.

 

These updates follow the monthly scheduled updates of Adobe for July 2020. Considering the critical nature of the bugs, all Adobe users, particularly those using Adobe Photoshop, must ensure updating their devices to the latest patched versions. Let us know your thoughts in the comments.

Comments: