Adobe Patches Critical Photoshop, Digital Edition Flaws

Adobe fixed two arbitrary code execution flaws in its Photoshop and Digital Editions products.

Adobe on Tuesday released its March Security Update, reporting and fixing only two critical flaws: one in Photoshop CC and one in Adobe Digital Editions.

Both critical flaws could allow a bad actor to achieve arbitrary code execution in the context of the current user, Adobe said. The company said it is not aware of any exploits in the wild for the security issues.

“Adobe has published security bulletins for Adobe Digital Editions and Adobe Photoshop CC,” the company said in its release. “Adobe recommends users update their product installations to the latest versions…”

The first critical flaw is in Adobe Photoshop CC for Windows and macOS. Successful exploitation of the heap corruption flaw (CVE-2019-7094) could lead to arbitrary code execution in the context of the current user.

Francis Provencher with Zero Day Initiative (ZDI) is credited with discovering the vulnerability. “This is a heap corruption due to an out-of-bounds write in Photoshop that could allow code execution if an attacker could convince someone to open a specially crafted file,” a ZDI spokesperson told Threatpost.

Impacted are Photoshop CC 19.1.7 (and earlier 19.x versions) as well as 20.0.2 (and earlier 20.x versions); users are urged to update to Photoshop CC 19.1.8 and 20.0.4 for Windows and macOS.

The other critical vulnerability exists in Adobe Digital Editions, its ebook reader software program.

The heap overflow vulnerability, CVE-2019-7095, could be exploited to achieve arbitrary code execution in the context of the current user, according to Adobe. Versions 4.5.10.185749 and below for Windows are impacted, and users are urged to update to version 4.5.10.186048.

Both updates are “priority 3,” meaning that “this update resolves vulnerabilities in a product that has historically not been a target for attackers. Adobe recommends administrators install the update at their discretion,” according to the update notes.

Adobe’s February update resolved far more bugs in its products. Overall, Adobe’s February update patched 75 important and critical vulnerabilities across its products compared to only two reported in March.

Earlier in March, Adobe also issued an emergency patch for a critical vulnerability in its ColdFusion service that is being exploited in the wild. The vulnerability, CVE-2019-7816, exists in Adobe’s commercial rapid web application development platform, ColdFusion. The ColdFusion vulnerability is a file upload restriction bypass which could enable arbitrary code execution.