Adobe Photoshop gets fixes for critical security vulnerabilities


Level 32
Nov 10, 2017
Adobe has released security updates to address twelve critical vulnerabilities in Adobe Photoshop, Adobe Prelude, and Adobe Bridge that could allow attackers to execute arbitrary code on Windows devices.

In addition to the code execution vulnerabilities, a information disclosure bug was fixed in Adobe Reader Mobile for Android users.

The arbitrary code execution vulnerabilities are all 'Out-of-bounds write' and 'Out-of-bounds read' bugs in Windows versions that could allow arbitrary code execution in the security context of the logged in user.

For users who are running as a standard Windows users, and not an administrative account, the impact of these vulnerabilities are greatly restricted unless chained with another vulnerability that elevates privileges.

Adobe advises users to update the vulnerable apps to the latest versions to block attacks attempting to exploit unpatched installations.