====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN591
_____________________________________________________________________

DATE                : 21/10/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows, macOS running Adobe Photoshop versions
                                 prior to 21.2.3, 22.0.

=====================================================================
https://helpx.adobe.com/security/products/photoshop/apsb20-63.html
_____________________________________________________________________

Security updates available for Adobe Photoshop | APSB20-63
Bulletin ID     Date Published       Priority
APSB20-63       October 20, 2020         3


Summary

Adobe has released updates for Photoshop for Windows and macOS. These
updates resolve a critical vulnerability.  Successful exploitation could
lead to arbitrary code execution in the context of the current user.


Affected Versions
Product              Affected version                 Platform
Photoshop CC  2019   20.0.10 and earlier version      Windows
Photoshop 2020       21.2.2 and earlier version       Windows


Solution

Adobe categorizes these updates with the following priority ratings and
recommends users update their installation to the newest version via
the Creative Cloud desktop app’s update mechanism.  For more
information, please reference this help page.   

Product        Updated versions         Platform       Priority
Photoshop 2020   21.2.3            Windows and macOS    3
Photoshop 2021   22.0              Windows and macOS    3

Note:

For managed environments, IT administrators can use the Admin Console to
deploy Creative Cloud applications to end users. Refer to this help page
for more information.


Vulnerability details

Vulnerability Category 	Vulnerability Impact 	Severity    CVE Number
Uncontrolled search path element  Arbitrary code execution    Critical 
	CVE-2020-24420


Acknowledgments

Adobe would like to thank Hou JingYi (@hjy79425575) of Qihoo 360 CERT
for reporting these issues and for working with Adobe to help protect
our customers.   



=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================