Adobe released an out-of-band security update earlier today to address two critical remote code execution vulnerabilities impacting Adobe Photoshop CC for Microsoft Windows and Apple macOS machines.
According to the security advisory published Wednesday by Adobe, its Photoshop CC software is vulnerable to two critical memory corruption vulnerabilities, which could allow a remote attacker to execute arbitrary code in the context of the targeted user.
The vulnerabilities, identified as CVE-2018-12810 and CVE-2018-12811, impact Adobe Photoshop CC 2018 version 19.1.5 and earlier 19.x versions, as well as Adobe Photoshop CC 2017 version 18.1.5 and earlier 18.x versions.
The critical security flaws were discovered and reported by Kushal Arvind Shah of Fortinet’s FortiGuard Labs, and have now been addressed by Adobe with the release of Photoshop CC versions 19.1.6 and 18.1.6.
It should be noted that these RCE vulnerabilities were not part of August 2018 security patch updates released by the company last week to address a total of 11 security flaws in its Flash Player, Acrobat and Reader, Experience Manager, and Creative Cloud.
However, only two of the security bugs patched in this month’s update were deemed critical in severity, while none of the flaws have been exploited in the wild.
Although the newly patched RCE flaws have been assigned a “critical” severity rating, they have been given a priority rating of 3, which also suggests that the flaws have not been targeted by malicious actors in the wild.
More details about the critical RCE vulnerabilities are not available at the moment.