Adobe Publishes Urgent Security Updates for Acrobat, Reader, and Photoshop CC

Adobe has issued critical updates for its Acrobat DC, Reader, and Photoshop CC applications, addressing a total of 48 security vulnerabilities across both Windows and macOS platforms. Of these, 47 affect Adobe Acrobat and Reader, while a single critical flaw was patched in Adobe Photoshop CC.

Of the Acrobat and Reader vulnerabilities, 24 are classified as critical, including Double Free, Heap Overflow, Use-after-free, Out-of-bounds write, Type Confusion, and Untrusted pointer dereference issues. Exploitation of any of these weaknesses could enable attackers to execute arbitrary code within the context of the affected user, posing a substantial risk to data security and system integrity. The remaining 23 flaws are rated important and could lead to security bypass or information disclosure; they include Security Bypass and Out-of-bounds read issues.

These vulnerabilities impact a range of Adobe products, including Acrobat DC (both Consumer and Classic 2015 versions), Acrobat Reader DC (Consumer and Classic 2015), Acrobat 2017, and Acrobat Reader 2017. Adobe has classified the latest patches as a priority “1,” indicating that these vulnerabilities are either currently being exploited or are highly likely to be targeted soon. Consequently, users are strongly advised to update their software immediately to mitigate these risks.

In a separate release, Adobe addressed a critical “out-of-bounds write” vulnerability in Photoshop CC, which could also allow for arbitrary code execution. This vulnerability, identified as CVE-2018-4946, affects both Photoshop CC 2018 (version 19.1.3 and earlier) and Photoshop CC 2017 (version 18.1.3 and earlier). The flaw was reported by Giwan Go of Trend Micro’s Zero Day Initiative and has been resolved in versions 19.1.4 and 18.1.4. Adobe has rated this patch with a priority “3,” suggesting that the flaw is not currently being targeted by attackers.

The vulnerabilities outlined above affect users across various sectors and geographic regions, which underlines the need for timely software updates in both enterprise and individual settings. Attacks exploiting the identified flaws could map to various MITRE ATT&CK tactics, including initial access, exploitation of vulnerabilities, and privilege escalation.

Adobe encourages all end users and system administrators to install the latest security updates without delay to fortify their defenses against these significant vulnerabilities. Ongoing vigilance against cybersecurity threats remains paramount as businesses increasingly rely on various digital platforms for their operations.
