An attacker may leverage social engineering to convince a victim to open a specially crafted image via email or a website. This may cause Photoshop to execute malicious code if the user had previously opened a malicious image without first taking active steps to close the image in order to prevent further exploitation.

Adobe recommends users update their application to version 23.1.1 or later. Vendors may have released updates for their control systems. As with all software updates, users are advised to check with their vendors to determine what needs to be done.

Security researchers have discovered a vulnerability in Photoshop that may allow an attacker with access to the application to take control of a system by sending them a specially crafted image. End users are advised to apply the patch immediately.

Adobe announced the patch update availability on the following link: https://helpx.adobe.com/security/products/photoshop/apsb17-32.html. Adobe also released an advisory: https://helpx.adobe.com/security/products/photoshop/apsb17-32.html.
A buffer overflow vulnerability has been identified in Adobe Reader versions 13.0.8 and earlier, and 17.0.9 and earlier. Successful exploitation could result in arbitrary code execution.
Significant updates have been made to version 17.0.9. Users are advised to update their software as soon as possible. Vendors may have released updates for their control systems.

Adobe Digital Editions users should update to version 17.0.9 or later as soon as possible

Adobe Digital Editions versions 8 and 9 are not affected by this vulnerability.
Adobe has released an update for Adobe Digital Editions users to address the vulnerability in the software. The company recommends that users update the application immediately.

Adobe Reader and Acrobat

Adobe Reader and Acrobat are commonly used software products that help users open, edit, and print files. The vulnerabilities discovered in these products could allow an attacker to take control of a system by sending them a specially crafted image via email or website. Adobe has released updates to the software to fix the vulnerability.

To get the patches for your computers, you can go to this link: https://helpx.adobe.com/security/products/acrobat-reader/apsb17-32.html
We recommend that end users update their software immediately according to the advisory: https://helpx.adobe.com/security/products/acrobat-reader/apsb17-32.html

Adobe Reader and Acrobat Software Foundation has released an update

Adobe has released a patch for their software which fixes a vulnerability that could allow an attacker to take control of your system by sending them a specially crafted image. To be on the safe side, Adobe recommends updating right away.
End users are advised to apply the patch immediately.

Adobe Reader and Acrobat software

Adobe Reader and Acrobat software is prone to security vulnerabilities that may allow an attacker to take control of the system. Adobe released the following patch update for users in order to address these vulnerabilities:

https://helpx.adobe.com/security/products/acrobatreader/apsb17-36.html
Photoshop CS6 is also affected by this vulnerability, and Adobe released patches for that product as well:
https://helpx.adobe.com/security/products/photoshop-cs6-aurora/apsb17-33.html

Timeline

Published on: 02/16/2022 17:15:00 UTC
Last modified on: 02/24/2022 15:26:00 UTC

References