Adobe has quietly released some critical security updates to Photoshop, Bridge, and Prelude that you need to install ASAP. If you don’t have auto-updates turned on for Adobe Creative Cloud, you’ll want to jump in and update the apps manually right away.
According to the cyber security site ThreatPost, yesterday’s Creative Cloud updates weren’t just bug fixes, and Adobe’s update log description as “Security Updates” doesn’t tell the full story.
In fact, it seems that Mat Powell, a researcher with Trend Micro’s Zero Day Initiative, found a total of 12 Common Vulnerabilities and Exposures (CVEs) across Adobe Photoshop, Adobe Bridge, and Adobe Prelude, that the company set about patching right away. The bugs are described as “out-of-bounds read and write vulnerabilities” that could cause crashes, corrupt sensitive information, or potentially allow someone to execute arbitrary code on Windows devices.
Yesterday’s update fixes five such vulnerabilities in Photoshop, and three in Bridge, though Adobe says they were not aware of any exploits in the wild pre-update, which is good news.
You can read more about these vulnerabilities on ThreatPost, but long story short: if you’re running Photoshop CC 2019 version 20.0.9 or earlier, Photoshop 2020 version 21.2.0 or earlier (for Windows), or Bridge version 10.0.3 or earlier, you should go ahead and update to the latest version ASAP.