Adobe March Patch Tuesday Brings Fixes For Photoshop And Digital Editions Bugs

  • 4
  • 2

Adobe has released the scheduled monthly update bundle for its products. This Adobe March Patch Tuesday addressed critical vulnerabilities in Adobe Photoshop CC and Adobe Digital Editions. This one is a relatively smaller update bundle addressing only two vulnerabilities.

Critical Vulnerabilities In Photoshop And ADE

This month Adobe has patched a critical vulnerability each in its Adobe Photoshop CC and Adobe Digital Editions.

In the case of Adobe Photoshop CC, the researcher Francis Provencher from Trend Micro’s Zero Day Initiative discovered the flaw. He found a heap corruption vulnerability (CVE-2019-7094) that could lead to arbitrary code execution. Describing the flaw in Adobe Photoshop CC in their advisory, Adobe stated,

“Successful exploitation could lead to arbitrary code execution in the context of the current user.”

The flaw affected Photoshop CC versions prior to 19.1.7, and to 20.0.2 for both Windows and MacOS.

Besides, a researcher with moniker albalawi-s reported a Heap Overflow vulnerability in Adobe Digital Editions. The flaw (CVE-2019-7095) could also result in arbitrary code execution. As stated in Adobe’s advisory,

“Successful exploitation could lead to Arbitrary Code Execution in the context of the current user.”

This vulnerability affected ADE versions and below for Windows platform.

Adobe March Patch Tuesday Fixed The Flaws

With Adobe March Patch Tuesday update bundle, the vendors addressed the above-stated flaws. Allegedly, they fixed the vulnerability CVE-2019-7094 in Photoshop CC version 19.1.8 and 20.0.4 respectively. Whereas, the Adobe Digital Editions version brings the fix for CVE-2019-7095.

This is the second Patch Tuesday in 2019 that addresses fewer vulnerabilities after January updates.

While this update bundle seems smaller, Adobe already addressed a serious zero-day flaw in Cold Fusion earlier this month. Reportedly, they patched a file upload restriction bypass (CVE-2019-7816) that could lead to arbitrary code execution. The vulnerability demanded emergency patches since the researchers reported active exploits of the flaw in the wild.

Let us know your thoughts in the comments section.


Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!