Adobe has released a batch of out-of-bound security updates that fix a total of 13 vulnerabilities across its Bridge, Prelude and Photoshop products.
Of five vulnerabilities addressed in Photoshop application, two are out-of-bounds read (CVE-2020-9683 and CVE-2020-9686) that allow an attacker to gain access to sensitive information, while other three are out-of-bounds write bugs (CVE-2020-9684, CVE-2020-9685, and CVE-2020-9687), which could be exploited for remote code execution.
The flaws impact Photoshop CC 2019 versions 20.0.9 and earlier and Photoshop 2020 21.2 and earlier (for Windows). Users can update to versions 20.0.10 and 21.2.1, respectively.
In Bridge, Adobe’s asset management app, three vulnerabilities have been patched, two of which (CVE-2020-9674, CVE-2020-9676) could lead to remote code execution. Adobe Bridge versions 10.0.3 and earlier are affected. Users are recommended to update to version 10.1.1 for a fix.
Adobe Prelude solution has been found to contain out-of-bounds read (CVE-2020-9677, CVE-2020-9679) and out-of-bounds write (CVE-2020-9678, CVE-2020-9680) vulnerabilities that can allow code execution. The bugs affect Adobe Prelude versions 9.0 and earlier for Windows. Users can update to version 9.0.1. to resolve the flaws.
Adobe said it found no evidence of above mentioned vulnerabilities being exploited in the wild.