Adobe released a series of security patches for Photoshop for Windows and macOS. The updates are designed to resolve “critical” vulnerabilities that could lead to arbitrary code execution.
The “Priority 3” updates – both with a CVSS (Common Vulnerability Scoring System) base score of 7.8 – affect Photoshop 2020 (version 21.2.10 and prior) and 2021 (v22.4.3 and prior). These issues include heap-based buffer overflow and out-of-bounds write vulnerabilities, respectively, that could allow for arbitrary code execution.
For managed environments, Adobe noted that IT administrators can use the Admin Console to deploy Creative Cloud applications to remote end users.
The issues were reported by Yongiun Liu of the nsfocus security team and Francis Provencher, working with the Trend Micro Zero Day Initiative.
Additional details come via Adobe.
