Yesterday Adobe released critical security updates for its Photoshop, Bridge and Prelude applications to address critical vulnerabilities across the three applications.
According to security website ThreatPost, the unscheduled updates come a week after Adobe issued its official July 2020 security updates, including critical code-execution bugs. Several of the critical flaws are tied to Adobe’s popular Photoshop photo-editing software and allow adversaries to execute arbitrary code on targeted Windows devices. All of the reported critical flaws stem from out-of-bounds read and write vulnerabilities, which occur when the software reads data past the end of – or before the beginning of – the intended buffer, potentially resulting in corruption of sensitive information, a crash, or code execution among other things. The Photoshop vulnerabilities affect Photoshop CC 2019 versions 20.0.9 and earlier and Photoshop 2020 21.2 and earlier (for Windows).
Also fixed were critical flaws tied to three vulnerabilities in Bridge, Adobe’s asset management app plus vulnerabilities in the Prelude app, which works with Premiere Pro to allow users to tag media with metadata for searching, post-production workflows and footage lifecycle management. Adobe also issued patches for an ‘important’ security flaw in Adobe Reader Mobile for Android, which allows users to view and edit PDFs from their smartphones.
Users of the affected applications will be notified of the new updates and all updates will be available to download via Creative Cloud desktop applications.