Adobe has released emergency security updates for critical vulnerabilities in Photoshop, Prelude and Bridge, revealing a total of 13 vulnerabilities on Tuesday, 12 of which are considered critical.

Currently, 5 vulnerabilities have been resolved in Photoshop CC 2019--20.0.9 and earlier versions and Photoshop 2020--21.2 and earlier versions for Windows. Among them, CVE-2020-9683 and CVE-2020-9686 are out-of-bounds read issues in photo editing software, while CVE-2020-9684, CVE-2020-9685, and CVE-2020-9687 are out-of-bounds write security vulnerabilities. All of these vulnerabilities are considered critical because, if exploited, they could lead to arbitrary code execution.

In Adobe Bridge 10.1.1 and earlier on Windows and macOS, an out-of-bounds read (CVE-2020-9675) and two out-of-bounds write vulnerabilities (CVE-2020-9674, CVE-2020-9676) have been be resolved. If exploited, these critical vulnerabilities could also be used by attackers to execute arbitrary code.

Adobe Prelude has also been included in the emergency patch update, and the vulnerability can also be exploited to perform arbitrary code execution.

IT House has learned that in addition to the fixes released for the above software, Adobe has also released a patch for the "important" vulnerability CVE-2020-9663 of Adobe Reader Mobile on Android mobile devices. The vulnerability is described as a directory traversal issue that, if exploited, could lead to information disclosure.