Adobe addresses two critical vulnerabilities in Photoshop

Adobe has addressed two critical security vulnerabilities affecting its Photoshop image manipulation software.

Adobe released security updates to address two critical security vulnerabilities, tracked as CVE-2021-36065 and CVE-2021-36066, affecting the popular image manipulation software Photoshop.

The flaws affect versions of the software for both Windows and macOS, their exploitation could lead to arbitrary code execution in the context of the current user.                     

“Adobe has released updates for Photoshop for Windows and macOS. These updates resolve multiple critical vulnerabilities.  Successful exploitation could lead to arbitrary code execution in the context of the current user.” reads the advisory.                 

The flaws affect Photoshop 2020 21.2.10 and earlier versions and Photoshop 2021 22.4.3  and earlier versions.   

The CVE-2021-36065 is a Heap-based Buffer Overflow while the CVE-2021-36066 is an Out-of-bounds Write issue, both rated with a CVSS score of 7.8.

The vulnerabilities have been reported by:

• Yongjun Liu of nsfocus security team (liuyongjun) (CVE-2021-36065)
• Francis Provencher {PRL} working with Trend Micro Zero Day Initiative ( CVE-2021-36066)

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Adobe)

[adrotate banner=”5″]

[adrotate banner=”13″]