Headline
CVE-2021-21048: Adobe Security Bulletin
Adobe Photoshop versions 21.2.4 (and earlier) and 22.1.1 (and earlier) are affected by a Memory Corruption vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file
Security updates available for Adobe Photoshop | APSB21-10
Bulletin ID
Date Published
Priority
APSB21-10
February 09, 2021
3
Adobe has released updates for Photoshop for Windows and macOS. These updates resolve multiple critical vulnerabilities. Successful exploitation could lead to arbitrary code execution in the context of the current user.
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app’s update mechanism. For more information, please reference this help page.
Note:
For managed environments, IT administrators can use the Admin Console to deploy Creative Cloud applications to end users. Refer to this help page for more information.
Vulnerability Category
Vulnerability Impact
Severity
CVE Number
Out-of-bounds read
Arbitrary code execution
Critical
CVE-2021-21049
CVE-2021-21050
Buffer Overflow
Arbitrary code execution
Critical
CVE-2021-21048
CVE-2021-21051
Out-of-bounds write
Arbitrary code execution
Critical
CVE-2021-21047
Adobe would like to thank the following researchers for reporting these issues and for working with Adobe to help protect our customers:
- Tran Van Khang \xe2\x80\x93 khangkito (VinCSS) working with Trend Micro Zero Day Initiative (CVE-2021-21047)
- Francis Provencher {PRL} working with Trend Micro Zero Day Initiative (CVE-2021-21048)
- rgod working with Trend Micro Zero Day Initiative (CVE-2021-21049, CVE-2021-21050)
- guoxi (CVE-2021-21051)