Adobe Security Bulletin

Security updates available for Adobe Photoshop CC and Bridge CC

Release date: February 9, 2016

Vulnerability identifier: APSB16-03

Priority: 3

CVE number: CVE-2016-0951, CVE-2016-0952, CVE-2016-0953

Platform: Windows and Macintosh

Summary

Adobe has released updates for Photoshop CC and Bridge CC for Windows and Macintosh. These updates address critical security vulnerabilities that could potentially allow an attacker to take control of the affected system.

Affected software versions

Product Affected version Platform
Adobe Photoshop CC 16.1.1 (2015.1.1) and earlier versions Windows and Macintosh
Adobe Bridge CC 6.1.1 and earlier versions Windows and Macintosh

Solution

Product Updated version Platform Priority rating
Adobe Photoshop CC 2015 16.1.2 (2015.1.2) Windows and Macintosh 3
Adobe Photoshop CC 2014 15.2.4 (2014.2.4) Windows and Macintosh 3
Adobe Bridge CC 6.2 Windows and Macintosh 3

Adobe recommends users update Photoshop CC 2015 and Bridge CC by launching each application, navigating to the Help menu, and clicking "Updates."  For more information, please reference this help page.

The Photoshop CC 2014.2.4 (15.2.4) update is only available via download using the links below:

Note: The 15.2.4 updates are not available by selecting Help > Updates from the application and will not show in the Applications & Updates section of the Creative Cloud application or the Creative Cloud Packager. Please download the patches directly from the links above.

For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages using the option to "Add Offline Media" as described in the workflow documented here.

Refer to this help page for more information on the Creative Cloud Packager. 

Vulnerability details

  • These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2016-0951, CVE-2016-0952, CVE-2016-0953).

Acknowledgments

Adobe would like to thank Francis Provencher of COSIG (CVE-2016-0951, CVE-2016-0952, CVE-2016-0953) for working with Adobe to help protect our customers.