Adobe fixed critical code execution flaws in Bridge, Photoshop and Prelude products

This week, Adobe has addressed several critical code execution vulnerabilities in its Bridge, Photoshop and Prelude products.

Adobe has released security updates to address several critical code execution vulnerabilities in its Bridge, Photoshop and Prelude products.

“Adobe has published security bulletins for Adobe Bridge (APSB20-44), Adobe Photoshop (APSB20-45), Adobe Prelude (APSB20-46) and Adobe Reader Mobile (APSB20-50). Adobe recommends users update their product installations to the latest versions using the instructions referenced in the bulletin.” reads the advisory published by Adobe.

Adobe has released a security update for Adobe Bridge for Windows and macOS , it addresses three critical vulnerabilities that could lead to arbitrary code execution in the context of the current user.    

The flaws are critical out-of-bounds read and out-of-bounds write vulnerabilities that can be exploited by an attacker to execute arbitrary code in the context of the targeted user.

Below the vulnerability details:

Vulnerability Category	Vulnerability Impact	Severity	CVE Numbers
Out-of-bounds read	Arbitrary code execution	Critical	CVE-2020-9675
Out-of-bounds write	Arbitrary code execution	Critical	CVE-2020-9674 CVE-2020-9676

Adobe addressed critical flaws in Photoshop CC for Windows and macOS, including two out-of-bounds read bugs and three out-of-bounds write issues. The vulnerabilities could be exploited for arbitrary code execution.

Below the vulnerability details:

Vulnerability Category	Vulnerability Impact	Severity	CVE Number
Out-of-bounds read	Arbitrary code execution	Critical	CVE-2020-9683 CVE-2020-9686
Out-of-bounds write	Arbitrary code execution	Critical	CVE-2020-9684 CVE-2020-9685 CVE-2020-9687

Adobe has also released updates for Adobe Prelude  for Windows and macOS that address critical vulnerabilities. An attacker could exploit the flaw to achieve arbitrary code execution in the context of the current user.

The company fixed two out-of-bounds read and two out-of-bounds write vulnerabilities.

All of the above vulnerabilities were reported to Adobe by Mat Powell of Trend Micro’s Zero Day Initiative (ZDI).

The good news is that the company is not aware of any attacks exploiting these vulnerabilities.

Earlier this month, Adobe has addressed over a dozen flaws in its Creative Cloud, Media Encoder, Genuine Service, ColdFusion and Download Manager products.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Photoshop)

[adrotate banner=”5″]

[adrotate banner=”13″]