Adobe – security updates against critical vulnerabilities

Important security updates are available for Adobe Photoshop, Digital Editions and Bridge (Windows, macOS) as well as for the Windows edition of RoboHelp, a help tool for technical content. Some versions of the first three products have critical security vulnerabilities that have been closed with the updates; A hole with an “Important” rating has been removed from RoboHelp. Possible consequences of an attack on the vulnerabilities would be the arbitrary code execution in the context of the current user (Photoshop, Bridge), free write access to the macOS file system (“arbitrary file system write”, Digital Editions) or the expansion of user privileges on Windows systems ( RoboHelp). In contrast to the other products, Adobe Bridge has not just one but six vulnerabilities, two of which were rated “Important” and four as critical.

As usual, Adobe is holding back on vulnerability details in the published security advisories. According to Trend Micros Zero Day Initiative (ZDI), through which the responsible disclosure procedure for several of the vulnerabilities was carried out, no exploit code is publicly known for any of the security gaps, so that no attacks have been observed in the wild so far. Since this can of course change at any time, users of the Adobe products in question should nevertheless update them quickly.

Source: Heise