Adobe Patches Slew of Critical Security Bugs in Bridge, Photoshop


The security bugs could open the door to arbitrary code execution and full takeover of targeted machines.

Adobe has released security patches tackling four critical vulnerabilities in Adobe Bridge, along with other critical and important-rated updates for bugs in Adobe Digital Editions, Adobe Photoshop and RoboHelp.

In all, Adobe fixed 10 security holes in its products during its scheduled April updates, seven of them listed as critical.

Adobe Bridge is a creative-asset manager that helps users preview, organize, edit and publish multiple creative assets in a streamlined way. It contains the four critical bugs as well as two “important” vulnerabilities:

  • CVE-2021-21093 and CVE-2021-21092 are critical memory-corruption issues leading to arbitrary code execution;
  • CVE-2021-21094 and CVE-2021-21095 are critical out-of-bounds write bugs also leading to arbitrary code execution;
  • CVE-2021-21091 is an important out-of-bounds read issue that could lead to information disclosure;
  • And CVE-2021-21096 is an important improper-authorization issue that allows privilege escalation.

The fully patched versions. Source: Adobe

Other Adobe Patches for April

Adobe also addressed two critical vulnerabilities in Photoshop, its popular photo-editing software (CVE-2021-28548 and CVE-2021-28549). Both are buffer-overflow bugs that allow arbitrary code execution.

The fully patched versions. Source: Adobe

The company also patched a final critical vulnerability in Adobe Digital Editions, CVE-2021-21100, which is a privilege-escalation problem allowing an arbitrary file-system write. Digital Editions is Adobe’s e-Book reader software used for acquiring, managing and reading e-books, digital newspapers and other digital publications.

The fully patched version. Source: Adobe

And finally, Adobe patched one important-rated vulnerability in RoboHelp, which is a platform for authoring technical articles and how-tos. The bug, tracked as CVE-2021-21070, is an uncontrolled search path element that could allow privilege escalation.

The fully patched version. Source: Adobe

Users can enable auto-updates to receive the fixes by going to Help > Check for Updates.
