Adobe rushes out patch for Photoshop ‘Creative Cloud’

Adobe is warning designers who use its Creative Cloud desktop software to install a security update after proof-of-concept code for a vulnerability in the software was made public.

Organizations that employ creative professionals who use Adobe’s Creative Cloud desktop app, including its flagship design software Photoshop, should prompt staff to install Adobe’s just released security updates for its suite of design apps. 

The bug has been rated important, meaning Adobe doesn’t expect exploits to be released soon and that uses should patch the software in the next month. However, it notes that proof-of-concept code for the vulnerability has been published. 

The bug was reported by Chi Chou, a researcher with Light-Year, the security team behind Chinese payments giant Ant Financial.  

The update is available for macOS and Windows users running Creative Cloud 4.6.0 and earlier. Adobe recommends users launch the Creative Cloud desktop app and sign in with their Adobe account.  

Adobe said the issue is due to its software improperly validating digital certificates, which could allow an attacker to elevate privileges. 

The bug is being tracked as CVE-2018-12829. The updated version is Creative Cloud 4.6.1 for the desktop app.  Additional details from Adobe can be found here.  

In May, the company released security updates for three vulnerabilities affecting Creative Cloud, including a critical flaw found by Chou that also was due to improper validation of certificates.