
=====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN469
_____________________________________________________________________

DATE                : 15/09/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S) : Systems running Adobe Photoshop versions prior to
                      21.2.12, 22.5.1.

=====================================================================
https://helpx.adobe.com/security/products/photoshop/apsb21-84.html
_____________________________________________________________________


Last updated on Sep 14, 2021

Security updates available for Adobe Photoshop | APSB21-84

Bulletin ID      Date Published         Priority
APSB21-84        September 14, 2021     3


Summary

Adobe has released updates for Photoshop for Windows and macOS. These
updates resolve a critical vulnerability. Successful exploitation could
lead to arbitrary code execution in the context of the current user.


Affected Versions

Product              Affected version                 Platform

Photoshop 2020       21.2.11 and earlier versions     Windows and macOS

Photoshop 2021       22.5 and earlier versions        Windows and macOS


Solution

Adobe categorizes these updates with the following priority ratings and
recommends users update their installation to the newest version via
the Creative Cloud desktop app's update mechanism. For more
information, please reference this help page.


Product            Updated versions      Platform             Priority

Photoshop 2020     21.2.12               Windows and macOS    3

Photoshop 2021     22.5.1                Windows and macOS    3

Note:

For managed environments, IT administrators can use the Admin Console to
deploy Creative Cloud applications to end users. Refer to this help page
for more information.
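
Added example (not part of the Adobe bulletin or of CERT-Renater's note):
a short Python triage that compares inventoried Photoshop versions with
the fixed versions listed above. The host names and inventory rows are
constructed sample data, and the function names are illustrative.

```python
# Fixed versions are taken from the bulletin's "Solution" table.
# Release branch (major version) -> first fixed version.
FIXED = {
    21: (21, 2, 12),  # Photoshop 2020
    22: (22, 5, 1),   # Photoshop 2021
}


def parse_version(text):
    """Turn '22.5' into (22, 5, 0) so versions compare numerically."""
    parts = [int(p) for p in text.strip().split(".")]
    parts += [0] * (3 - len(parts))  # pad short versions with zeros
    return tuple(parts)


def status(version_text):
    """Return 'affected', 'patched', 'not-covered' or 'unparseable'."""
    try:
        version = parse_version(version_text)
    except ValueError:
        return "unparseable"  # needs manual review, not a clean result
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "not-covered"  # branch is not listed in this bulletin
    return "affected" if version < fixed else "patched"


def hosts_to_update(inventory):
    """Hosts whose installed version is below the fixed version."""
    return sorted(h for h, v in inventory if status(v) == "affected")


# Constructed sample inventory: (host, installed Photoshop version).
SAMPLE_INVENTORY = [
    ("ws-design-01", "21.2.11"),
    ("ws-design-02", "21.2.9"),   # below 21.2.12 numerically, not as text
    ("ws-design-03", "21.2.12"),
    ("mac-studio-01", "22.5"),
    ("mac-studio-02", "22.5.1"),
    ("mac-studio-03", "22.4.3"),
    ("ws-legacy-01", "20.0.10"),
    ("ws-broken-01", "unknown"),
]

if __name__ == "__main__":
    for host, ver in SAMPLE_INVENTORY:
        print(f"{host:15} {ver:10} {status(ver)}")
```

Comparing versions as integer tuples avoids the string-comparison trap
where "21.2.9" sorts after "21.2.12".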


Vulnerability details

Vulnerability Category : Buffer Overflow (CWE-120)
Vulnerability Impact   : Arbitrary code execution
Severity               : Critical
CVSS base score        : 7.8
CVSS vector            : CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE Number             : CVE-2021-40709


Acknowledgments

Adobe would like to thank CFF of Topsec Alpha Team (cff_123) for
reporting the relevant issues and for working with Adobe to help protect
our customers.

For more information, visit https://helpx.adobe.com/security.html, or
email PSIRT@adobe.com.


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


