#1250907: Adobe March Patch Tuesday Brings Fixes For Photoshop And Digital Editions Bugs
Adobe has released the scheduled monthly update bundle for its products. This Adobe March Patch Tuesday addressed critical vulnerabilities in Adobe Photoshop CC and Adobe Digital Editions. This one is a relatively smaller update bundle addressing only two vulnerabilities.
Critical Vulnerabilities In Photoshop And ADE
This month Adobe has patched a critical vulnerability each in its Adobe Photoshop CC and Adobe Digital Editions.
In the case of Adobe Photoshop CC, the researcher Francis Provencher from Trend Micro’s Zero Day Initiative discovered the flaw. He found a heap corruption vulnerability (CVE-2019-7094) that could lead to arbitrary code execution. Describing the flaw in Adobe Photoshop CC in their advisory, Adobe stated,
“Successful exploitation could lead to arbitrary code execution in the context of the current user.”
The flaw affected Photoshop CC versions prior to 19.1.7, and to 20.0.2 for both Windows and MacOS.
Besides, a researcher with moniker albalawi-s reported a Heap Overflow vulnerability in Adobe Digital Editions. The flaw (CVE-2019-7095) could also result in arbitrary code execution. As stated in Adobe’s advisory,
“Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.”
This vulnerability affected ADE versions 18.104.22.168749 and below for Windows platform.
Adobe March Patch Tuesday Fixed The Flaws
With Adobe March Patch Tuesday update bundle, the vendors addressed the above-stated flaws. Allegedly, they fixed the vulnerability CVE-2019-7094 in Photoshop CC version 19.1.8 and 20.0.4 respectively. Whereas, the Adobe Digital Editions version 22.214.171.124048 brings the fix for CVE-2019-7095.
This is the second Patch Tuesday in 2019 that addresses fewer vulnerabilities after January updates.
While this update bundle seems smaller, Adobe already addressed a serious zero-day flaw in Cold Fusion earlier this month. Reportedly, they patched a file upload restriction bypass (CVE-2019-7816) that could lead to arbitrary code execution. The vulnerability demanded emergency patches since the researchers reported active exploits of the flaw in the wild.
|Date added||March 15, 2019, 11:53 p.m.|
|Source||Latest Hacking News|
|CVE||CVE-2019-7094, CVE-2019-7095, CVE-2019-7816)|