Adobe Patch Tuesday updates address critical in Photoshop, Digital Editions

Adobe Patch Tuesday updates for March 2019 address critical vulnerabilities in Photoshop CC and Digital Editions products.

Adobe Patch Tuesday updates for March 2019 address critical flaws in Photoshop CC and Digital Editions products.

The updates address a heap overflow issue affecting the Digital Editions ebook reader software, the bug could be exploited by attackers to execute arbitrary code in the context of the current user (CVE-2019-7095).

“Adobe has released a security update for Adobe Digital Editions.  This update resolves a critical vulnerability.  Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.” reads the security advisory.

The flaw was reported by a security researcher who uses the online with the moniker albalawi-s.

Adobe Patch Tuesday updates for March 2019 address another heap overflow vulnerability in Photoshop CC for Windows and macOS. The bug that can lead to arbitrary code execution in the context of the current user (CVE-2019-7094). The flaw was reported by the security expert Francis Provencher through Trend Micro’s Zero Day Initiative.

“Adobe has released updates for Photoshop CC for Windows and macOS. These updates resolve a critical vulnerability in Photoshop CC 19.1.7 (and earlier 19.x versions) as well as 20.0.2 (and earlier 20.x versions).” reads the advisory published by Adobe. “Successful exploitation could lead to arbitrary code execution in the context of the current user.”

Both vulnerabilities have been rated as critical, but received a priority rating of “3” because they are unlikely to be exploited in attacks.

The good news for Adobe users is that there is no evidence that the flaws have been exploited in attacks in the wild.

Yesterday security researchers at Swascan revealed they have found several flaws in an Adobe sandbox service hosted at adobesandbox.com.

“Swascan Team, during the security analysis for a media company in Europe, found 5 vulnerabilities related to the Web Servers at adobesandbox.com which handles through multiple and different hosts the Adobe Sandbox Service.” reads the security advisory published by Swascan.

One of the flaws has been classified as “high,” two as “medium” and two as having “low” severity. The exploitation of the flaws could “easily impact the Integrity, Availability and Confidentiality of the systems.”

The experts did not publicly share details of the flaws, Adobe confirmed the flaws but added that they only affects demo services and not affect the
Adobe Reader sandbox.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – Adobe, Photoshop)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.