Adobe closes critical Photoshop vulnerabilities with April updates

Adobe has released security updates for Photoshop, Bridge, Adobe Digital Editions and RoboHelp. The updates eliminate ten security vulnerabilities with some critical ones. Half of the security vulnerabilities have been labeled as critical.

In Photoshop 2020 up to and including version 21.2.6 and Photoshop 2021 up to and including 22.3 for Windows and macOS there are two security vulnerabilities classified as critical (CVE-2021-28548/CVE-2021-285). These are buffer overflows that can be exploited to execute arbitrary code with user rights. This has now been fixed with the updates Photoshop 2020 21.2.7 and Photoshop 2021 22.3.1.

Bridge 10.1.1 and older and Bridge 11.0.1 and older for Windows contain six vulnerabilities, four of which are classified as critical. These can be used to smuggle in arbitrary code and execute it with the rights of the logged on user. Updates to versions 10.1.2 and 11.0.2 for Windows and macOS eliminate these vulnerabilities.

RoboHelp up to version RH2020.0.3 for Windows has a vulnerability (CVE-2021-21070) that Adobe classifies as a high risk. An uncontrolled search path element enables higher authorizations to be achieved. Adobe has closed the gap in RoboHelp RH2020.0.4 for Windows and macOS.

Digital Editions up to 4.5.11.187245 for macOS have a vulnerability identified as critical (CVE-2021-21100), with which injected code can obtain higher permissions to carry out any write operations on the file system.