Adobe has released patches for two security vulnerability in its March Security Update. The company today released its security updates to address two critical arbitrary code execution vulnerabilities—one in Adobe Photoshop CC and another in Adobe Digital Editions.
Both of these vulnerabilities could allow an attacker to achieve arbitrary code execution and take control of an affected system. The good news is that the company found no evidence of any exploits in the wild for these security issues.
The vulnerability in Adobe Photoshop CC, discovered by Trend Micro Zero Day Initiative and assigned CVE-2019-7094, is a heap corruption issue which affects Photoshop CC 19.1.7 and earlier 19.x versions as well as Photoshop CC 20.0.2 and earlier 20.x versions for Microsoft Windows and Apple macOS operating systems.
Another critical vulnerability, assigned as CVE-2019-7095, resides in the company’s ebook reader software program, Adobe Digital Edition, is a heap overflow flaw that affects versions 126.96.36.199749 and below for Microsoft Windows operating system.
Both updates are given a priority rating of 3, which means the vulnerabilities addressed in the updates are unlikely to be exploited in attacks, according to Adobe’s update notes.
Besides releasing security updates, Adobe also announced the long-expected shut down of its Shockwave player for Windows, for which the company will end support on 9 April. The Shockwave player for Apple macOS was discontinued on March 1, 2017.