某些 Creative Cloud 应用程序、服务和功能在中国不可用。
| Product | Affected version | Platform |
|---|---|---|
| Photoshop CC 2019 | 20.0.8 and earlier | Windows and macOS |
| Photoshop 2020 | 21.1 and earlier | Windows and macOS |
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app’s update mechanism. For more information, please reference this help page.
| Product | Updated versions | Platform | Priority |
|---|---|---|---|
| Photoshop CC 2019 | 20.0.9 | Windows and macOS | 3 |
| Photoshop 2020 | 21.1.1 | Windows and macOS | 3 |
Note:
For managed environments, IT administrators can use the Admin Console to deploy Creative Cloud applications to end users. Refer to this help page for more information.
| Vulnerability Category | Vulnerability Impact | Severity | CVE Number |
|---|---|---|---|
| Heap corruption |
Arbitrary Code Execution |
Critical |
CVE-2020-3783 |
| Memory corruption | Arbitrary Code Execution | Critical | CVE-2020-3784 CVE-2020-3785 CVE-2020-3786 CVE-2020-3787 CVE-2020-3788 CVE-2020-3789 CVE-2020-3790 |
| Out-of-bounds read |
Information Disclosure |
Important |
CVE-2020-3771 CVE-2020-3777 CVE-2020-3778 CVE-2020-3781 CVE-2020-3782 CVE-2020-3791 |
| Out-of-bounds write |
Arbitrary Code Execution |
Critical |
CVE-2020-3773 CVE-2020-3779 |
| Buffer errors |
Arbitrary Code Execution |
Critical |
CVE-2020-3770 CVE-2020-3772 CVE-2020-3774 CVE-2020-3775 CVE-2020-3776 CVE-2020-3780 |
Adobe would like to thank the following researchers for reporting these issues and for working with Adobe to help protect our customers:
- Francis Provencher working with Trend Micro Zero Day Initiative (CVE-2020-3771, CVE-2020-3778, CVE-2020-3790)
- Mat Powell of Trend Micro Zero Day Initiative (CVE-2020-3779, CVE-2020-3780, CVE-2020-3781, CVE-2020-3782)
- Steven Seeley (mr_me) of Source Incite working with Trend Micro Zero Day Initiative (CVE-2020-3791)
- Yu Zhou working with Trend Micro Zero Day Initiative (CVE-2020-3770, CVE-2020-3772, CVE-2020-3773)
- Yu Zhou(@yuzhou6666) of 小鸡帮 (CVE-2020-3774, CVE-2020-3775, CVE-2020-3776, CVE-2020-3777)
- Kushal Arvind Shah of Fortinet's FortiGuard Labs (CVE-2020-3783, CVE-2020-3784, CVE-2020-3785, CVE-2020-3786, CVE-2020-3787, CVE-2020-3788, CVE-2020-3789)