The company today released its monthly security updates to address two critical arbitrary code execution vulnerabilities—one in Adobe Photoshop CC and another in Adobe Digital Editions.
Upon successful exploitation, both critical vulnerabilities could allow an attacker to achieve arbitrary code execution in the context of the current user and take control of an affected system.
However, the good news is that the company found no evidence of any exploits in the wild for these security issues, Adobe said.
The vulnerability in Adobe Photoshop CC, discovered by Trend Micro Zero Day Initiative and assigned CVE-2019-7094, is a heap corruption issue which affects Photoshop CC 19.1.7 and earlier 19.x versions as well as Photoshop CC 20.0.2 and earlier 20.x versions for Microsoft Windows and Apple macOS operating systems.
Users are recommended to update their software to Adobe Photoshop CC version 19.1.8 and Photoshop CC version 20.0.4 for Windows and macOS.
The other critical vulnerability, assigned as CVE-2019-7095, resides in the company's ebook reader software program, Adobe Digital Edition, is a heap overflow flaw that affects versions 22.214.171.124749 and below for Microsoft Windows operating system.
Users are advised to update their software to Adobe Digital Edition version 126.96.36.199048.
Both updates are given a priority rating of 3, which means the vulnerabilities addressed in the updates are unlikely to be exploited in attacks, according to Adobe's update notes.
Earlier this month, Adobe also rolled out an emergency patch update for a critical arbitrary code execution vulnerability (CVE-2019-7816) in its ColdFusion web application development platform that's actively being exploited in the wild.
Therefore, users of affected Adobe software for Windows and macOS systems are urged to update their software packages to the latest versions as soon as possible.
Besides releasing security updates, Adobe also announced the long-expected shut down of its Shockwave player for Windows, for which the company will end support on 9 April. The Shockwave player for Apple macOS was discontinued on March 1, 2017.