Adobe has pushed live security updates for its Bridge, Photoshop and Prelude applications that patch a number of critical vulnerabilities, including a few that could enable threats to execute code on Windows computers.
While Adobe’s vague ‘Security Updates’ changelog brushes on the patches, security site ThreatPost offers a more detailed look at what Adobe has done to address 12 common vulnerabilities and exposures (CVEs) in Adobe Bridge, Adobe Photoshop and Adobe Prelude, which were first discovered by Mat Powell of Trend Micro’s Zero Day Initiative.
ThreatPost says each of the 12 ‘critical flaws stem from out-of-bounds read and write vulnerabilities, which occur when the software reads data past the end of — or before the beginning of — the intended buffer, potentially resulting in corruption of sensitive information, a crash, or code execution among other things.’ Specifically, five flaws were addressed in Adobe Photoshop, three in Adobe Bridge and four in Adobe Prelude.
According to Adobe, no known uses of these critical bugs have been reported in the wild, but you’re going to want to make sure all of your programs are up to date if you don’t have automatic updates installed. You’ll want to make sure you’re running versions 20.0.10 and 21.2.1 for Photoshop CC 2019 and Photoshop 2020, respectively. Adobe Bridge and Adobe Prelude should be running versions 10.1.1 and 9.0.1, respectively.
All updates can be downloaded via the Creative Cloud desktop app for macOS and Windows computers.