Update for Photoshop and Illustrator available

Adobe has published a number of security updates available. These include Illustrator, Photoshop, Bridge, Captivate, and other programs.

The manufacturer eliminates security vulnerabilities in seven programs: Campaign Classic, Photoshop, Illustrator, Animate, InCopy, Captivate and Bridge. Seven of these vulnerabilities are identified as critical.

Photoshop 2021 22.x up to and including version 22.1 for Windows and macOS contains a security vulnerability classified as critical (CVE-2021-21006). Photoshop 21.x is not affected. A buffer overflow could be used to inject and execute arbitrary code. An update to Photoshop 2021 22.1.1 can help.

Illustrator 2020 up to and including 25.0 for Windows has a vulnerability identified as critical (CVE-2021-21007). An insecure search path element can cause injected code to run. An update to version 25.1, available for Windows and macOS, fixes the problem.

The same vulnerability (CVE-2021-21008) also exists in Animate 21.0 (and earlier) for Windows. Adobe has released an update to version 21.0.1 for Windows and macOS. InCopy 15.1.3 (and earlier) also has this problem, which is listed here as CVE-2021-21010. An update to InCopy 16.0 corrects the problem. And Captivate 2019 up to and including version 11.5.1.499 suffers from the search path problem (CVE-2021-21011), which Adobe does not find that problematic here and eliminates it with a hotfix.

Adobe Bridge for Windows contains two vulnerabilities classified as critical up to and including version 11.0 (CVE-2021-21012, -21013). Infiltrated code could be executed due to write accesses that exceed memory limits. The update to version 11.0.1 is also available for macOS.

Finally, there are updates for Adobe Campaign Classic for Windows and Linux that close a critical server-side request forgery (SSRF) vulnerability (server-side request forgery, CVE-2021-21009). The vulnerability could expose sensitive data.