If patching Photoshop CC sounds like work, try Flash Player for size. Photoshop CC’s last significant fix was issued in May to address CVE-2018-4946 although last week’s patch bundle included one, CVE-2018-5003, which patched a flaw in the Creative Cloud Desktop Application installer for Windows (v4.5.0.324 and earlier). Adobe recommends administrators install the update at their discretion. This update resolves vulnerabilities in a product that has historically not been a target for attackers. Successful exploitation could lead to arbitrary code execution in the context of the current user.īecause of this the fixes are rated ‘critical’ despite having a priority rating of only 3, which in Adobe’s view means that: Reported to Adobe by Fortinet’s Kushal Arvind Shah, the flaws have not yet been revealed in detail beyond the fact they involve remote code execution (RCE) memory corruption triggered by a malicious file. The vulnerabilities are referenced as CVE-2018-12810 and CVE-2018-12811 under Adobe’s identifier APSB18-28. The updated versions are Photoshop CC 2018 v19.1.6 and Photoshop CC 2017 v18.1.6. The vulnerable versions are Photoshop CC 2018 v19.1.5 and earlier and Photoshop CC 2017 v18.1.5 and earlier, on both Windows and macOS. unexpected) rather than out-of-band (usually reserved for vulnerabilities that are being actively exploited), but Photoshop CC users should still apply them within a reasonable timeframe.
This probably qualifies them as unscheduled (i.e. Barely a week on from Adobe’s scheduled monthly patch excitement, the company is back with an urgent fix for two critical vulnerabilities affecting Photoshop Creative Cloud (CC) for Windows and macOS.
0 kommentar(er)
