News 2 min read

Adobe issues an emergency security patch for Photoshop CC

5 minutes Adobe rushes to fix an emergency security flaw in Photoshop Creative Cloud Adobe photoshop cc security patch Adobe informs about critical flaws in Photoshop Creative Cloud on August 22. Researchers say that these vulnerabilities could help hackers enable remote code execution in Photoshop. Even though the release of the patches is unscheduled, both […]

Adobe photoshop cc security patch
0 Comments
5 minutes

Adobe rushes to fix an emergency security flaw in Photoshop Creative Cloud

Adobe photoshop cc security patch
Adobe photoshop cc security patch

Adobe informs about critical flaws in Photoshop Creative Cloud on August 22. Researchers say that these vulnerabilities could help hackers enable remote code execution in Photoshop. Even though the release of the patches is unscheduled, both Windows and Mac OS users are advised to update their applications immediately. 

IT experts note that the following versions of Adobe Photoshop CC might be affected:

  • Photoshop CC 2018 version 19.1.5 and earlier;
  • Photoshop CC 2017 version 18.1.5 and earlier.

Adobe security patches update Photoshop CC 2018 and Photoshop CC 2017 to 19.1.6 and 18.1.6 versions on Mac and Windows operating systems. These emergency upgrades help avoid remote code execution (RCE) identified under CVE-2018-12810 and CVE-2018-12811 numbers. 

The peculiarities of memory corruption vulnerabilities

According to the researchers, if a malicious file would enter the system with a vulnerable Photoshop CC program, it could trigger the execution of a bogus code hidden inside the images. Additionally, security experts note that the remote code execution is in the context of the current user.

Successful exploitation could lead to arbitrary code execution in the context of the current user.

Adobe explicitly thanks for Kushal Arvind Shah, the security researcher at Fortinet's FortiGuard Labs for informing about two critical bugs present on Photoshop CC. Also, the IT specialist helped to resolve the issue and ensure Adobe consumer protection:

Adobe would like to thank Kushal Arvind Shah of Fortinet's FortiGuard Labs for reporting these issues and for working with Adobe to help protect our customers. 

Two patches were not included in the Patch Tuesday Cycle

Even though these vulnerabilities were the only ones reported as critical, they were not included in the Patch Tuesday cycle along with other 70 ones released by Microsoft and Adobe. The issued patched covered Acrobat Reader, Experience Manager, Flash, and another flaw in the Creative Cloud. 

As the bugs were listed as critical, Adobe and other security researchers encourage all users to update their programs as soon as possible to avoid potential attacks:

Adobe recommends users update their software installations via each application's update mechanism by launching each application, navigating to the Help menu, and clicking “Updates.” For more information, please reference this help page.

Did this fix work for you?
Gabriel E. Hall

Written by

Malware Removal Expert
Malware removal Ransomware recovery Browser hijackers Spyware analysis Security tools testing

Gabriel E. Hall is a malware removal expert and cybersecurity researcher with over ten years of hands-on experience analysing threats and writing removal guides. She has documented hundreds of malware families — from browser hijackers and adware to ransomware and rootkits — providing step-by-step cleanup instructions tested against real infections. Gabriel's work combines deep technical analysis with clear, actionable language that readers without a security background can follow. Her guides consistently appear among the most-referenced resources for malware removal on Windows systems.

0 Comments

Be the first to comment

Still worried? Run a free check.

Paste any URL or domain — we'll scan it against 4.2M known threats in 10 seconds.

View full scanner → Add to your website →