Threat Watch

Emergency Patches Issued for Photoshop CC

An early discovery today by Adobe led them to address two critical vulnerabilities. Photoshop is the specific host of two critical memory corruption vulnerabilities which give a remote attacker the ability to enact arbitrary code pertaining to the victim. Version 19.1.5 and 19.x from 2018 and versions 18.1.5 and 18.x from 2017 were found to contain vulnerabilities CVE-2018-12810 and CVE-2018-12811. Even though these Remote Code Execution flaws received a critical severity rating, the priority rating is only at a 3, which means “this update resolves vulnerabilities in a product that has historically not been a target for attackers. Adobe recommends administrators install the update at their discretion.” Or in other words, the flaws that were found have not been used by attackers in the wild. Users of Photoshop CC should install the latest patches as soon as possible.

ANALYST NOTES