Adobe secures Photoshop & Co. out of turn

Adobe secures Photoshop & Co. out of turn

For security reasons, anyone who uses Adobe applications should ensure that the latest versions are installed. Patches are available for Bridge, Captivate, Media Encoder, Photoshop, and the XMP Toolkit SDK. In most cases, the software manufacturer classifies the threat as “critical” a.

Typically, Adobe only releases security updates in bulk once a month. Obviously the vulnerabilities are so dangerous that a release cannot wait. MacOS and Windows are affected by the holes.

In Media Encoder 15.4.1 the developers have a vulnerability (CVE-2021-36070 “high“) closed. By successfully exploiting it, attackers could execute malicious code with the rights of the victim. As usual, Adobe does not provide details of possible attack scenarios.

Photoshop can also act as a loophole for attackers’ code. Here are the issues 21.2.11 and 22.5 secured against it. Most of the vulnerabilities affect Bridge and the XMP Toolkit SDK, which is vulnerable on all platforms. Attackers could target DoS and malicious code attacks at the weak points. The versions Bridge 10.1.3 and 11.1.1 and XMP Toolkit SDK 07/2021 are armed against such attacks.

The developers have released a hotfix for Captivate 2019 that closes a loophole for increasing user rights under macOS.


Leave a Reply

Your email address will not be published.