Product
Last updated on
Security update available for Adobe Photoshop CC
Release date: June 16, 2015
Last updated: August 19, 2015
Vulnerability identifier: APSB15-12
Priority: See table below
CVE number: CVE-2015-3109, CVE-2015-3110, CVE-2015-3111, CVE-2015-3112
Platform: Windows and Macintosh
Summary
Adobe has released an update for Photoshop CC for Windows and Macintosh. This update addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system.
Affected software versions
Adobe Photoshop CC 2014 (15.2.2) (2014.2.2) and earlier versions for Windows and Macintosh
Solution
Adobe recommends users update their software installation via the application's update mechanism by launching the application, navigating to the Help menu, and clicking "Updates". For more information, please reference this help page.
For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages. Refer to this help page for more information.
Priority and severity ratings
Adobe categorizes these updates with the following priority rating and recommends users update their installation to the latest version:
|
|
Updated version |
Platform |
Priority rating |
|
Adobe Photoshop CC 2015 |
16.0 (2015.0.0) |
Windows and Macintosh |
3 |
|
Adobe Photoshop CC 2014 |
15.2.3 |
Windows and Macintosh |
3 |
These updates address a critical vulnerability in the software.
Details
Adobe has released an update for Photoshop CC for Windows and Macintosh. This update addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. Adobe recommends users update their product installations to the latest version.
These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-3110).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-3109, CVE-2015-3112).
These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2015-3111).
Acknowledgments
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
- Jeremy Brown of Microsoft Vulnerability Research (CVE-2015-3109)
- Francis Provencher of Protek Research Labs (CVE-2015-3110, CVE-2015-3111, CVE-2015-3112)
Revisions
August 18, 2015 - As of August 18, patches for Adobe Photoshop CC 2014 (15.2.3) are available via download, or via Cloud Packager for deployments in managed environments. Please reference the Solution section of this bulletin for more details.
August 19, 2015 - Added additional note regarding use of the Creative Cloud Packager for offline media deployments in managed environments.