CVE-2020-9684
📋 TL;DR
Adobe Photoshop CC 2019 and 2020 contain an out-of-bounds write vulnerability that could allow attackers to execute arbitrary code on affected systems. This affects users running vulnerable versions of Photoshop on Windows or macOS. Successful exploitation requires the victim to open a malicious file.
💻 Affected Systems
- Adobe Photoshop CC
- Adobe Photoshop 2020
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control of the affected machine, potentially leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local privilege escalation or arbitrary code execution in the context of the current user, allowing file system access, credential harvesting, and installation of additional malware.
If Mitigated
Limited impact due to application sandboxing, user privilege restrictions, and network segmentation preventing lateral movement.
🎯 Exploit Status
Exploitation requires user interaction (opening a malicious file). No public exploit code was available at the time of the advisory.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Photoshop CC 2019 version 20.0.11, Photoshop 2020 version 21.2.2
Vendor Advisory: https://helpx.adobe.com/security/products/photoshop/apsb20-45.html
Restart Required: Yes
Instructions:
1. Open Adobe Creative Cloud application. 2. Navigate to the 'Apps' tab. 3. Find Photoshop in your installed applications. 4. Click 'Update' if available. 5. Follow the update prompts and restart Photoshop when complete.
🔧 Temporary Workarounds
Restrict Photoshop file handling
allConfigure system to prevent Photoshop from opening untrusted files by modifying file associations or using application control policies.
🧯 If You Can't Patch
- Implement application whitelisting to prevent execution of unauthorized Photoshop files
- Use network segmentation to isolate Photoshop workstations from critical systems
🔍 How to Verify
Check if Vulnerable:
Check Photoshop version via Help > About Photoshop in the application menuCheck Version:
On Windows: Check registry at HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Photoshop\[Version]\PluginVersion. On macOS: Check /Applications/Adobe Photoshop [Version]/Verify Fix Applied:
Verify version is Photoshop CC 2019 20.0.11 or later, or Photoshop 2020 21.2.2 or later📡 Detection & Monitoring
Log Indicators:
- Unexpected Photoshop crashes
- Photoshop opening unusual file types
- Process creation from Photoshop with unusual parameters
Network Indicators:
- Outbound connections from Photoshop to unusual destinations
- DNS requests for suspicious domains following Photoshop execution
SIEM Query:
Process:Name="photoshop.exe" AND (EventID=1000 OR EventID=1001) | where CommandLine contains suspicious file extensions (.psd, .psb, .tif)