Adobe has broken its regular update schedule to provide emergency fixes for critical security vulnerabilities discovered in popular Photoshop, Prelude, and Bridge software. The company has traditionally released fixes for its various products on a monthly basis, but the latest round of fixes came just a week after the conventional security update. A total of thirteen vulnerabilities were resolved, of which twelve were classified as critical, hence the need for swift action by Adobe. Mat Powell, a researcher with the Trend Micro Zero Day Initiative (ZDI), was reportedly tasked with identifying and revealing the issues.
Adobe security update
The update fixed five critical bugs present in Adobe Photoshop CC 2019 (versions 20.0.9 and earlier) and Photoshop 2020 (versions 21.2 and earlier) for Windows. Two are described as out-of-bounds read vulnerabilities and the other three are classified as out-of-bounds write vulnerabilities: hackers could exploit all five to execute code on the target machine. Adobe Bridge asset management software (version 10.1.1 and earlier) has been updated to fix one read out of range failure and two write out of range failures. In this case, the versions of Windows and macOS have been affected. Adobe Prelude, meanwhile, suffered from four similar vulnerabilities, which were also addressed in the unexpected round of fixes. The previous round of security updates, released a week ago, addressed issues in various Adobe Creative Cloud, Media Encoder, ColdFusion, and Download Manager. Users of appropriate Adobe software are encouraged to install the latest updates as soon as possible to reduce the risk of compromise. via ZDNet