Cybersecurity specialists report the detection of two vulnerabilities in Photoshop, the popular photo editing software developed by Adobe Systems Incorporated. According to the report, the successful exploitation of these flaws would allow the deployment of severe cyberattacks.
Below are brief reports of the flaws detected, in addition to their respective identification keys and scores assigned according to the Common Vulnerability Scoring System (CVSS).
CVE-2021-36065: A boundary in the affected software would allow affected users to pass specially crafted data to the application, trigger a heap-based buffer overflow, and execute arbitrary code.
The vulnerability received a CVSS score of 7.7/10 and its successful exploitation would allow the full compromise of the affected system.
CVE-2021-36066: A boundary error when processing unverified entries in affected software would allow remote threat actors to trigger an out-of-bounds writing condition.
The vulnerability received a CVSS score of 7.7/10 and its successful exploitation would allow arbitrary code execution on the target system.
According to the report, these flaws reside in the following versions of Adobe Photoshop: 21.0.1, 21.0.2, 21.1, 21.1.1, 21.2, 21.2.1, 21.2.2, 21.2.3, 21.2.4, 21.2.5, 21.2.6, 21.2.7, 21.2.8, 21.2.9, 21.2.10, 22.1.0, 22.1.1, 22.2, 22.3, 22.3.1, 22.4, 22.4.1, 22.4.2 & 22.4.3.
While vulnerabilities can be exploited by unauthenticated remote threat actors, no active exploit attempts have been detected so far. Security patches are now available, so Photoshop users are encouraged to upgrade to secure versions of the software.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.