Fortinet has found a critical flaw in Photoshop Creative Cloud (Photoshop CC) software for Windows and macOS.
According to the cybersecurity company, the critical flaw, which can be exploited by malicious files, came from an unscheduled update, as well as fixes up critical memory corruption bugs which leave vulnerable systems open to remote code execution (RCE).
The Photoshop versions affected on Windows and MacOs include:
- Photoshop CC 2018 19.1.5
- Photoshop CC 2017 18.1.5
- Photoshop CC 2018 19.1.6
- Photoshop CC 2017 18.1.6.
Full details on the vulnerabilities are soon to be released, given the Common Vulnerabilities and Exposures assignments CVE-2018-12810 and CVE-2018-12811.
In spite of the “critical” rating, Adobe also gave the patch a priority of the latest bugs. This is because of being found “in a product that has historically not been a target for attackers.”
Written by Leah Alger