Adobe Released Security Patches For Photoshop Vulnerabilities
Adobe has released its latest security patches that would help fix the multiple critical vulnerabilities that have been detected in Adobe Photoshop CC 19.1.5 and earlier 19.x versions, as well as 18.1.5 and earlier 18.x versions for Windows and macOS.
The vulnerabilities that the security patches, dated August 22, 2018, seek to fix are rated critical; these two vulnerabilities- CVE-2018-12810 and CVE-2018-12811- are memory corruption vulnerabilities that could let a remote hacker execute arbitrary codes on the targeted system, in the context of the current user. Experts are of the opinion that this particular security vulnerability has arisen due to improper memory operations in the above-mentioned versions of Adobe Photoshop.
The Adobe Security Bulletin with the security patches says- “Adobe has released updates for Photoshop CC for Windows and macOS. These updates resolve critical vulnerabilities in Photoshop CC 19.1.5 and earlier 19.x versions, as well as 18.1.5 and earlier 18.x versions. Successful exploitation could lead to arbitrary code execution in the context of the current user.”
Though the two vulnerabilities are classified “critical” as per Adobe severity rating standards (a “critical” vulnerability is one that would allow malicious native-code to execute, potentially without the user being aware), the priority rating that’s given is ‘3’, the kind of rating that is given to vulnerabilities in a product that has historically not been a target for hackers and hence comes with recommendation of update installation by administrators at their discretion.
The Adobe Security Bulletin explains the solution, saying, “Adobe recommends users update their software installations via each application’s update mechanism by launching each application, navigating to the Help menu, and clicking “Updates.””
The two critical security vulnerabilities were spotted and reported by Kushal Arvind Shah of Fortinet’s FortiGuard Labs.
With its Patch Tuesday updates for August 2018, released earlier this month, Adobe had addressed some other vulnerabilities in Adobe products. SecurityWeek reports- “Earlier this month, Adobe addressed nearly a dozen vulnerabilities in Flash Player, the Creative Cloud Desktop Application, Experience Manager, and Acrobat and Reader with the company’s Patch Tuesday updates for August 2018. None of the flaws have been exploited in the wild…It’s unclear why the Photoshop CC updates were not included in the Patch Tuesday updates.”
The report further adds- “Last month, researchers claimed they had found a potentially serious security issue in Adobe’s internal systems, but the company downplayed the impact of the vulnerability saying it was only an XSS flaw.”