Release date: June 16, 2015
Last updated: August 19, 2015
Vulnerability identifier: APSB15-12
Priority: See table below
CVE number: CVE-2015-3109, CVE-2015-3110, CVE-2015-3111, CVE-2015-3112
Platform: Windows and Macintosh
Adobe has released an update for Photoshop CC for Windows and Macintosh. This update addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system.
Adobe recommends users update their software installation via the application's update mechanism by launching the application, navigating to the Help menu, and clicking "Updates". For more information, please reference this help page.
For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages. Refer to this help page for more information.
Patches for Adobe Photoshop CC 2014 (15.2.3) are also available at the following locations:
Win (64-bit): http://www.adobe.com/support/downloads/detail.jsp?ftpID=5951
Note: These updates will not show in the Applications & Updates section of the Creative Cloud Packager. Please download the patches directly from the links above, and use the option to “Add Offline Media” as described in the workflow documented here.
Adobe categorizes these updates with the following priority rating and recommends users update their installation to the latest version:
|Product||Updated version||Platform||Priority rating|
|Adobe Photoshop CC 2015||16.0 (2015.0.0)||Windows and Macintosh||3|
|Adobe Photoshop CC 2014||15.2.3||Windows and Macintosh||3|
These updates address a critical vulnerability in the software.
Adobe has released an update for Photoshop CC for Windows and Macintosh. This update addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system. Adobe recommends users update their product installations to the latest version.
These updates resolve an integer overflow vulnerability that could lead to code execution (CVE-2015-3110).
These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2015-3109, CVE-2015-3112).
These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2015-3111).
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
- Jeremy Brown of Microsoft Vulnerability Research (CVE-2015-3109)
- Francis Provencher of Protek Research Labs (CVE-2015-3110, CVE-2015-3111, CVE-2015-3112)
August 18, 2015 - As of August 18, patches for Adobe Photoshop CC 2014 (15.2.3) are available via download, or via Cloud Packager for deployments in managed environments. Please reference the Solution section of this bulletin for more details.
August 19, 2015 - Added additional note regarding use of the Creative Cloud Packager for offline media deployments in managed environments.