0

Adobe has released patches for two security vulnerability in its March Security Update. The company today released its security updates to address two critical arbitrary code execution vulnerabilities—one in Adobe Photoshop CC and another in Adobe Digital Editions.

Both of these vulnerabilities could allow an attacker to achieve arbitrary code execution and take control of an affected system. The good news is that the company found no evidence of any exploits in the wild for these security issues.

The vulnerability in Adobe Photoshop CC, discovered by Trend Micro Zero Day Initiative and assigned CVE-2019-7094, is a heap corruption issue which affects Photoshop CC 19.1.7 and earlier 19.x versions as well as Photoshop CC 20.0.2 and earlier 20.x versions for Microsoft Windows and Apple macOS operating systems.

Another critical vulnerability, assigned as CVE-2019-7095, resides in the company’s ebook reader software program, Adobe Digital Edition, is a heap overflow flaw that affects versions 4.5.10.185749 and below for Microsoft Windows operating system.

Both updates are given a priority rating of 3, which means the vulnerabilities addressed in the updates are unlikely to be exploited in attacks, according to Adobe’s update notes.

Besides releasing security updates, Adobe also announced the long-expected shut down of its Shockwave player for Windows, for which the company will end support on 9 April. The Shockwave player for Apple macOS was discontinued on March 1, 2017.

Dawood Khan
Founder and Editor-in-Chief of 'Hack Hex,' Information Security professional, developer, whitehat hacker and an amateur guitarist.

Comments

Leave a reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

You may also like