Accessibility

Security bulletin

Security update available for Adobe Photoshop CS6

Release date: August 30, 2012

Last updated: August 31, 2012

Vulnerability identifier: APSB12-20

Priority: 3

CVE number: CVE-2012-4170, CVE-2012-0275

Platform: Windows and Macintosh

Summary

Adobe has released a security update for Adobe Photoshop CS6 (13.0) for Windows and Macintosh. This update addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system.

Note that Adobe Photoshop CS5.1 (12.1.1) and Adobe Photoshop CS5 (12.0.5) and earlier versions for Windows and Macintosh are not affected by these vulnerabilities. No update is required for users of Adobe Photoshop CS5.1 (12.1.1) and Adobe Photoshop CS5 (12.0.5) and earlier versions for Windows and Macintosh.

Affected software versions

Adobe Photoshop CS6 (13.0) for Windows and Macintosh

(Note: Adobe Photoshop CS5.1 (12.1.1) and Adobe Photoshop CS5 (12.0.5) and earlier versions for Windows and Macintosh are not affected by these vulnerabilities. No update is required for users of Adobe Photoshop CS5.1 (12.1.1) and Adobe Photoshop CS5 (12.0.5) and earlier versions for Windows and Macintosh.)

Solution

Adobe has released Adobe Photoshop CS6 (13.0.1) to address the vulnerabilities highlighted in this security bulletin.

Adobe recommends users of Adobe Photoshop CS6 (13.0) update their product installations by following the instructions provided in the technote: http://blogs.adobe.com/photoshopdotcom/2012/08/photoshop-cs6-13-0-1-update-now-available.html.

Priority and Severity ratings

Adobe categorizes this update with the following priority rating:

Product
Updated Version
Platform
Priority Rating
Adobe Photoshop CS6 (13.0.1) Windows and Macintosh
3


This update addresses critical vulnerabilities in the software.

Details

Adobe has released a security update for Adobe Photoshop CS6 (13.0) for Windows and Macintosh. This update addresses vulnerabilities that could allow an attacker who successfully exploits these vulnerabilities to take control of the affected system.

Note that Adobe Photoshop CS5.1 (12.1.1) and Adobe Photoshop CS5 (12.0.5) and earlier versions for Windows and Macintosh are not affected by these vulnerabilities. No update is required for users of Adobe Photoshop CS5.1 (12.1.1) and Adobe Photoshop CS5 (12.0.5) and earlier versions for Windows and Macintosh.

This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2012-4170).

This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2012-0275).

Acknowledgments

Adobe would like to thank the following individual and organization for reporting the relevant issues and for working with Adobe to help protect our customers:

revisions

August 31, 2012 - Added information regarding CVE-2012-0275