Adobe this week is rolling out a couple of security updates for its popular Photoshop image editing suite for Windows and macOS platforms. The updates resolve “multiple critical vulnerabilities,” according to an advisory released by the vendor.
Adobe describes both CVE-2021-36065 and CVE-2021-36066 as critical memory flaws that can lead to “arbitrary code execution” and gives both a score of 7.8 on the CVSS scale.
Affected versions include Photoshop 2020 and Photoshop 2021.
Adobe describes a critical bug as being “a vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware.”
Successful exploitation of either of the two bugs “could lead to arbitrary code execution in the context of the current user,” according to the vendor.
Despite rating the flaws as critical, Adobe sets their patching priority at 3. That’s because, under the company’s priority rating system, these updates resolve vulnerabilities in a product that has historically not been a target for attackers, unlike the beleaguered Adobe Flash multimedia software, for instance.
Nevertheless, Adobe recommends users install the update at their discretion via the Creative Cloud desktop app’s update mechanism. For managed environments, IT administrators can use the Admin Console to deploy Creative Cloud applications to end users.
Most Photoshop users will likely know this, but it’s important to note that the Creative Cloud desktop app can be configured to update your apps automatically as soon as new versions are released, for maximum peace of mind.
You can control auto-updates for individual apps via the Advanced options, and you can opt to keep using older versions of apps in the Adobe stack for backwards compatibility reasons.