Adobe Addresses Critical Vulnerabilities in Photoshop CC
Today, Adobe Systems released an emergency security update to address two severe remote code execution vulnerabilities affecting Adobe Photoshop CC on both Microsoft Windows and Apple macOS platforms.
According to an advisory issued by Adobe, these critical flaws stem from memory corruption issues, potentially enabling an unauthorized remote attacker to execute arbitrary code within the user context. Specifically, these vulnerabilities are cataloged as CVE-2018-12810 and CVE-2018-12811. They impact versions of Adobe Photoshop CC 2018 (version 19.1.5 and prior) and 2017 (version 18.1.5 and earlier).
The vulnerabilities were originally identified by Kushal Arvind Shah from Fortinet’s FortiGuard Labs and have since been rectified in the new releases of Photoshop CC—versions 19.1.6 and 18.1.6.
It is noteworthy that these vulnerabilities were not included in Adobe’s security updates for August 2018, which addressed 11 security flaws across products such as Flash Player, Acrobat and Reader, Experience Manager, and Creative Cloud. While 11 security bugs were patched, only two were categorized as critical, and no active exploitation of these flaws has been reported thus far.
Despite their critical rating, the newly patched vulnerabilities received a priority rating of 3, suggesting that they have not been actively targeted in real-world cyberattacks. At this time, detailed information regarding the vulnerabilities remains limited.
Given the potential risks associated with these remote code execution vulnerabilities, it is strongly recommended that users and IT administrators of Adobe Photoshop CC implement the latest security updates immediately to safeguard their systems.
The cybersecurity landscape is increasingly fraught with risks, and vigilance is required to protect sensitive data and maintain system integrity. Utilizing the MITRE ATT&CK framework, one can infer that tactics such as initial access and privilege escalation may be relevant in understanding the potential exploitation avenues for these vulnerabilities.
Business owners should prioritize regular updates and patches, ensuring that their software environments are secure against evolving threats. As cybersecurity incidents continue to rise, staying informed and proactive is essential for mitigating risks.