Adobe Patches Photoshop in Emergency Update
Adobe released patches for critical vulnerabilities that were part of an out-of-band security update. Several critical flaws are tied to Adobe's Photoshop photo editing software and allow hackers to execute arbitrary code on targeted Windows devices. Adobe issued patches for flaws tied to 12 CVEs across Bridge, Prelude and Photoshop applications. The unscheduled updates come a week after Adobe issued its official July 2020 security updates, including critical code-execution bugs.
Adobe said it was not aware of any active exploits in the wild for any of the bugs patched in the update. The company did not offer technical details regarding the Photoshop CVEs. All the reported critical flaws stem from out-of-bounds read and write vulnerabilities, which occur when the software reads data past the end of or before the beginning of the intended buffer, resulting in corruption of sensitive information, a crash, or code execution.
Adobe Photoshop had two out-of-bounds read flaws, CVE-2020-9683 and CVE-2020-9686. All of these could lead to arbitrary code execution in the context of the current user. The Photoshop vulnerabilities affect Photoshop CC 2019 versions 20.0.9 and earlier and Photoshop 2020 21.2 and earlier. Users can update to versions 20.0.10 and 21.2.1, respectively.