Show vulnerabilities with patch / with exploit
22 July 2020

Adobe releases emergency security updates for critical flaws in Photoshop, Bridge, Prelude


Adobe releases emergency security updates for critical flaws in Photoshop, Bridge, Prelude

Adobe has released a batch of out-of-bound security updates that fix a total of 13 vulnerabilities across its Bridge, Prelude and Photoshop products.

Of five vulnerabilities addressed in Photoshop application, two are out-of-bounds read (CVE-2020-9683 and CVE-2020-9686) that allow an attacker to gain access to sensitive information, while other three are out-of-bounds write bugs (CVE-2020-9684, CVE-2020-9685, and CVE-2020-9687), which could be exploited for remote code execution.

The flaws impact Photoshop CC 2019 versions 20.0.9 and earlier and Photoshop 2020 21.2 and earlier (for Windows). Users can update to versions 20.0.10 and 21.2.1, respectively.

In Bridge, Adobe’s asset management app, three vulnerabilities have been patched, two of which (CVE-2020-9674, CVE-2020-9676) could lead to remote code execution. Adobe Bridge versions 10.0.3 and earlier are affected. Users are recommended to update to version 10.1.1 for a fix.

Adobe Prelude solution has been found to contain out-of-bounds read (CVE-2020-9677, CVE-2020-9679) and out-of-bounds write (CVE-2020-9678, CVE-2020-9680) vulnerabilities that can allow code execution. The bugs affect Adobe Prelude versions 9.0 and earlier for Windows. Users can update to version 9.0.1. to resolve the flaws.

Adobe said it found no evidence of above mentioned vulnerabilities being exploited in the wild.

Back to the list

Latest Posts

Iranian APT Oilrig becomes the first group to weaponize DNS-over-HTTPS

Iranian APT Oilrig becomes the first group to weaponize DNS-over-HTTPS

Oilrig members have added a new DNSExfiltrator utility to their hacking arsenal.
5 August 2020
Hacker published passwords for over 900 corporate VPN servers

Hacker published passwords for over 900 corporate VPN servers

The list was published on a Russian-speaking hacker forum frequented by different ransomware operators.
5 August 2020
Maze operators published dozens of GBs of data from LG and Xerox

Maze operators published dozens of GBs of data from LG and Xerox

Stolen information may include Xerox support records and source code for the firmware of various LG products.
4 August 2020