Do you use Adobe Photoshop, Bridge, or Prelude? If so, and even if you’re not normally quick to apply security patches issued by the company, you’ll want to give the most recent patch from Adobe priority.
The company’s most recent patch addresses an even dozen critical security flaws that could allow an attacker to execute arbitrary code on Windows machines.
On top of that, the latest patch fixes an issue with Adobe Reader Mobile for Android users that fixes an information disclosure bug.
Here’s a quick summary of the Adobe patch:
The version of Adobe Bridge you want to install is 10.1.1, which addresses the issues tracked as:
- CVE-2020-9675 (Out of Bounds Read)
- CVE-2020-9674 (Out of Bounds Write)
- CVE-2020-9676 (Out of Bounds Write)
For Adobe Photoshop, grab version CC 2019.20.0.10 or CC 21.2.1, both of which address the issues tracked as:
- CVE-2020-9683 (Out of Bounds Read)
- CVE-2020-9686 (Out of Bounds Read)
- CVE-2020-9684 (Out of Bounds Write)
- CVE-2020-9685 (Out of Bounds Write)
- CVE-2020-9687 (Out of Bounds Write)
If you’re an Adobe Prelude user, the version you want to look for and install is Adobe Prelude 9.01, which addresses issues tracked as:
- CVE-2020-9677 (Out of Bounds Read)
- CVE-2020-9679 (Out of Bounds Read)
- CVE-2020-9678 (Out of Bounds Write)
- CVE-2020-9680 (Out of Bounds Write)
Finally, if you’re an Adobe Reader Mobile user with an Android device, the version you want to install is Adobe Reader Mobile 20.3, which addresses the issue tracked as CVE-2020-9663.
If there’s a silver lining to the issues addressed by these patches it is in the fact that if the user has standard privileges on a Windows-based machine, the risks addressed by these patches will be significantly reduced.
Even so, that’s not something that holds true for everyone. Even if you’re not in the habit of installing security patches right away, you’ll definitely want to make an exception for these.
