Two new vulnerabilities were discovered after the release of Adobe’s regularly scheduled August 2018 security patch update. This prompted the company to take the unusual step of releasing an emergency, out-of-band update to correct the issue.
These two newly discovered vulnerabilities (tracked as CVE-2018-12810 and CVE-2018-12811) impact Adobe Photoshop CC 2017, v18.1.5 and earlier 18.x versions, and Adobe Photoshop CC 2018, v19.1.5 and earlier 19.x versions.
They were discovered and initially reported by Kushal Arvind Shah, a security researcher with FortiGuard Labs. The vulnerabilities are a pair of critical memory corruption flaws that allow hackers to remotely execute malicious code on the target user’s machine.
Again, it must be stressed that neither of these issues was addressed by the company’s regularly scheduled patch update released earlier this month. If you haven’t yet applied that patch, though, you should. It addresses a total of eleven different security flaws spread across a number of the company’s products, including Flash Player, Acrobat, Reader, Experience Manager and Creative Cloud.
To get the fix for the Photoshop vulnerabilities, you’ll need to go to the company’s website and download the out-of-band patch designed specifically to address these issues.
It should be noted that both issues, while having been assigned a severity rating of “Critical,” have only been given a priority rating of three. This suggests that these flaws have not been exploited in the wild. That, however, is simply a matter of time. If members of your creative team employ Photoshop to generate graphics for your business, applying the latest patch should be a top priority. To do anything less is to invite an attack against your business.