Adobe has fixed ten security vulnerabilities in Adobe Photoshop, Adobe Digital Editions, Adobe Bridge, and RoboHelp.
Seven vulnerabilities have been rated as critical; some of them could be exploited by remote attackers to execute arbitrary code.
In Photoshop, Adobe has addressed two buffer overflow issues, tracked as CVE-2021-28548 and CVE-2021-28549, that could lead to arbitrary code execution. Both issues were reported by guoxi of venustech ADLab. The affected versions are:

| Product | Affected versions | Platform |
|---|---|---|
| Photoshop 2020 | 21.2.6 and earlier versions | Windows and macOS |
| Photoshop 2021 | 22.3 and earlier versions | Windows and macOS |

The tech giant also addressed four ‘Critical’ code execution flaws and two vulnerabilities rated as ‘Important’ in Adobe Bridge.
The following table reports the vulnerability details:

| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
|---|---|---|---|
| Out-of-bounds read | Information Disclosure | Important | CVE-2021-21091 |
| Improper Authorization | Privilege Escalation | Important | CVE-2021-21096 |
| Memory Corruption | Arbitrary code execution | Critical | CVE-2021-21093, CVE-2021-21092 |
| Out-of-bounds write | Arbitrary code execution | Critical | CVE-2021-21094, CVE-2021-21095 |

The issues were reported by Francis Provencher from Trend Micro Zero Day Initiative (CVE-2021-21091, CVE-2021-21092, CVE-2021-21093, CVE-2021-21094), Tran Van Khang – khangkito (VinCSS) (CVE-2021-21095), and ikth working with Trend Micro Zero Day Initiative (CVE-2021-21096).
Adobe also fixed a critical Privilege Escalation vulnerability in Adobe Digital Editions for macOS, tracked as CVE-2021-21100, and an Important Privilege Escalation vulnerability in RoboHelp, tracked as CVE-2021-21070.
(SecurityAffairs – hacking, Photoshop)