Adobe releases out of schedule remote code execution fix

The patch resolves two critical flaws which can both lead to remote code execution.
Written by Charlie Osborne, Contributing Writer

Adobe has released a patch to resolve two critical vulnerabilities impacting Photoshop CC which could lead to the remote execution of arbitrary code.

On Wednesday, the tech giant published a security advisory detailing the flaws, which affect Microsoft Windows and Apple macOS machines.

CNET: $5 a year for Photoshop? Yes, as Adobe slashes education pricing

The critical memory corruption vulnerabilities, CVE-2018-12810 and CVE-2018-12811, are found in Photoshop CC 19.1.5 and earlier 19.x versions, as well as 18.1.5 and earlier 18.x versions.

"Successful exploitation could lead to arbitrary code execution in the context of the current user," Adobe says.

Kushal Arvind Shah of Fortinet's FortiGuard Labs discovered and reported the critical flaws to Adobe.

TechRepublic: Adobe Project Rush: Create awesome video on your mobile device

Earlier this month, Adobe patched 11 security holes in Adobe Flash, Acrobat and Reader, Experience Manager, and Creative Cloud as part of the firm's standard patch cycle.

Only two of the security problems were deemed critical, which was a vast improvement on July's patch update, which resolved over 100 bugs including use-after-free, out-of-bounds-write, security bypass, type confusion, buffer error, and heap overflow security flaws.

In related news, earlier this week, Adobe introduced a selection of new email and cross-channel marketing capabilities to Adobe Campaign. Dropbox is also on the table as a content source and is due to become integrated into a beta release later this year.

See also: 'Hacky hack hack': Teen arrested for breaking into Apple's network

15 amazing tech gadgets you need for your home office

Previous and related coverage

Editorial standards