====================================================================
                           CERT-Renater
                 Information Note No. 2020/VULN144
_____________________________________________________________________

DATE                 : 20/03/2020

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running Adobe Photoshop CC 2019,
                       Adobe Photoshop 2020, versions prior to
                       20.0.9, 21.1.1.

=====================================================================
https://helpx.adobe.com/security/products/photoshop/apsb20-14.html
_____________________________________________________________________

Security updates available for Adobe Photoshop | APSB20-14

Bulletin ID    Date Published    Priority
APSB20-14      March 17, 2020    3

Summary

Adobe has released updates for Photoshop for Windows and macOS. These
updates resolve multiple critical and important vulnerabilities.
Successful exploitation could lead to arbitrary code execution in the
context of the current user.

Affected Product Versions

Product              Affected version      Platform
Photoshop CC 2019    20.0.8 and earlier    Windows and macOS
Photoshop 2020       21.1 and earlier      Windows and macOS

Solution

Adobe categorizes these updates with the following priority ratings and
recommends users update their installation to the newest version via the
Creative Cloud desktop app’s update mechanism. For more information,
please reference this help page.

Product              Updated versions    Platform             Priority
Photoshop CC 2019    20.0.9              Windows and macOS    3
Photoshop 2020       21.1.1              Windows and macOS    3

Note: For managed environments, IT administrators can use the Admin
Console to deploy Creative Cloud applications to end users. Refer to
this help page for more information.

Vulnerability details

Vulnerability Category   Vulnerability Impact       Severity    CVE Number
Heap corruption          Arbitrary Code Execution   Critical    CVE-2020-3783
Memory corruption        Arbitrary Code Execution   Critical    CVE-2020-3784
                                                                CVE-2020-3785
                                                                CVE-2020-3786
                                                                CVE-2020-3787
                                                                CVE-2020-3788
                                                                CVE-2020-3789
                                                                CVE-2020-3790
Out-of-bounds read       Information Disclosure     Important   CVE-2020-3771
                                                                CVE-2020-3777
                                                                CVE-2020-3778
                                                                CVE-2020-3781
                                                                CVE-2020-3782
                                                                CVE-2020-3791
Out-of-bounds write      Arbitrary Code Execution   Critical    CVE-2020-3773
                                                                CVE-2020-3779
Buffer errors            Arbitrary Code Execution   Critical    CVE-2020-3770
                                                                CVE-2020-3772
                                                                CVE-2020-3774
                                                                CVE-2020-3775
                                                                CVE-2020-3776
                                                                CVE-2020-3780

Acknowledgments

Adobe would like to thank the following researchers for reporting these
issues and for working with Adobe to help protect our customers:

  o Francis Provencher working with Trend Micro Zero Day Initiative
    (CVE-2020-3771, CVE-2020-3778, CVE-2020-3790)
  o Mat Powell of Trend Micro Zero Day Initiative (CVE-2020-3779,
    CVE-2020-3780, CVE-2020-3781, CVE-2020-3782)
  o Steven Seeley (mr_me) of Source Incite working with Trend Micro Zero
    Day Initiative (CVE-2020-3791)
  o Yu Zhou working with Trend Micro Zero Day Initiative (CVE-2020-3770,
    CVE-2020-3772, CVE-2020-3773)
  o Yu Zhou (@yuzhou6666) of (CVE-2020-3774, CVE-2020-3775,
    CVE-2020-3776, CVE-2020-3777)
  o Fortinet (CVE-2020-3783, CVE-2020-3784, CVE-2020-3785, CVE-2020-3786,
    CVE-2020-3787, CVE-2020-3788, CVE-2020-3789)

=========================================================
+ CERT-RENATER      | tel : 01-53-94-20-44              +
+ 23/25 Rue Daviel  | fax : 01-53-94-20-41              +
+ 75013 Paris       | email:cert@support.renater.fr     +
=========================================================