CVE-2020-9687

8.8 HIGH

📋 TL;DR

This vulnerability in Adobe Photoshop allows attackers to write data beyond allocated memory boundaries, potentially leading to arbitrary code execution. Users of Photoshop CC 2019 and Photoshop 2020 on Windows and macOS are affected. An attacker could exploit this by tricking a user into opening a malicious file.

💻 Affected Systems

Products:
  • Adobe Photoshop CC 2019
  • Adobe Photoshop 2020
Versions: Photoshop CC 2019 versions 20.x and earlier, Photoshop 2020 versions 21.x and earlier
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable. No special configuration is required for exploitation.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with attacker gaining full control of the affected system, data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case: Local privilege escalation or remote code execution when a user opens a malicious Photoshop file, potentially leading to malware installation or data exfiltration.

🟢 If Mitigated: Limited impact with proper application sandboxing, least privilege principles, and network segmentation preventing lateral movement.

🌐 Internet-Facing: LOW - Photoshop is not typically exposed directly to the internet, though malicious files could be delivered via web downloads or email.
🏢 Internal Only: MEDIUM - Internal users opening malicious files could lead to lateral movement within the network, especially if Photoshop is widely deployed.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening a malicious file). No public exploit code was available at the time of disclosure.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Photoshop CC 2019 version 20.0.8 and later, Photoshop 2020 version 21.2.1 and later

Vendor Advisory: https://helpx.adobe.com/security/products/photoshop/apsb20-45.html

Restart Required: Yes

Instructions:

1. Open Adobe Creative Cloud application.
2. Navigate to the 'Apps' tab.
3. Find Photoshop in your installed applications.
4. Click 'Update' if available.
5. Restart Photoshop after update completes.

🔧 Temporary Workarounds

Disable file opening from untrusted sources

all

Prevent Photoshop from opening files from untrusted locations like email attachments or web downloads.

Use application sandboxing

all

Run Photoshop in a sandboxed environment to limit potential damage from exploitation.

🧯 If You Can't Patch

  • Restrict Photoshop usage to trusted files only from internal sources
  • Implement network segmentation to isolate Photoshop workstations from critical systems

🔍 How to Verify

Check if Vulnerable:

Check Photoshop version via Help > About Photoshop. If version is earlier than 20.0.8 for CC 2019 or 21.2.1 for 2020, the system is vulnerable.

Check Version:

  • Photoshop: Help > About Photoshop
  • Windows: wmic product where name='Adobe Photoshop' get version
  • macOS: /Applications/Adobe Photoshop */Adobe Photoshop.app/Contents/Info.plist

Verify Fix Applied:

Verify Photoshop version is 20.0.8 or later for CC 2019, or 21.2.1 or later for 2020 via Help > About Photoshop.

📡 Detection & Monitoring

Log Indicators:

  • Photoshop crash logs with memory access violations
  • Unexpected Photoshop process spawning child processes
  • Photoshop accessing unusual files or network resources

Network Indicators:

  • Photoshop process making unexpected outbound connections
  • DNS requests for known malicious domains from Photoshop process

SIEM Query:

process_name='photoshop.exe' AND (event_id=1000 OR event_id=1001) AND description CONTAINS 'access violation'
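
The log indicators and SIEM query above, worked as an added example (not code from this page or from Adobe): it classifies normalized Windows events for the crash and child-process indicators and flags hosts that show both. The event schema, the Sysmon channel, the allowlist entry `expected_helper.exe` and all sample events are constructed assumptions.

```python
import re

PHOTOSHOP = "photoshop.exe"
CRASH_IDS = {1000, 1001}   # Application log event IDs from the SIEM query above
PROC_CREATE_ID = 1         # assumption: Sysmon process-creation events
# Hypothetical allowlist; derive the real one from a baseline of your fleet.
EXPECTED_CHILDREN = {"expected_helper.exe"}
# Event 1000 text usually carries the exception code, not the words
# "access violation"; 0xc0000005 is STATUS_ACCESS_VIOLATION.
ACCESS_VIOLATION = re.compile(r"access violation|0xc0000005", re.IGNORECASE)

def exe(path):
    return re.split(r"[\\/]", path or "")[-1].lower()  # file name, lower-cased

def classify(ev):
    """Return the indicator name an event matches, or None."""
    channel, eid = ev.get("channel"), ev.get("event_id")
    if channel == "Application" and eid in CRASH_IDS:
        if exe(ev.get("process_name")) == PHOTOSHOP and ACCESS_VIOLATION.search(ev.get("description", "")):
            return "crash_access_violation"
    if channel == "Sysmon" and eid == PROC_CREATE_ID:
        if exe(ev.get("parent_image")) == PHOTOSHOP and exe(ev.get("image")) not in EXPECTED_CHILDREN:
            return "unexpected_child_process"
    return None

def triage(events):
    """Map host -> sorted indicator names seen on that host."""
    seen = {}
    for ev in events:
        hit = classify(ev)
        if hit:
            seen.setdefault(ev["host"], set()).add(hit)
    return {host: sorted(names) for host, names in seen.items()}

def escalate(findings):
    """Hosts showing both a crash and an unexpected child process."""
    return sorted(h for h, names in findings.items() if len(names) == 2)

# Constructed sample events in an assumed normalized schema (not real logs).
SAMPLE_EVENTS = [
    {"host": "ws-01", "channel": "Application", "event_id": 1000, "process_name": "Photoshop.exe",
     "description": "Faulting application name: Photoshop.exe, Exception code: 0xc0000005"},
    {"host": "ws-01", "channel": "Sysmon", "event_id": 1,
     "parent_image": r"C:\Apps\Photoshop.exe", "image": r"C:\Windows\System32\cmd.exe"},
    {"host": "ws-02", "channel": "Sysmon", "event_id": 1,
     "parent_image": r"C:\Apps\Photoshop.exe", "image": r"C:\Apps\expected_helper.exe"},
    {"host": "ws-03", "channel": "Application", "event_id": 1000, "process_name": "notepad.exe",
     "description": "Exception code: 0xc0000005"},
    {"host": "ws-04", "channel": "Application", "event_id": 1001, "process_name": "Photoshop.exe",
     "description": "access violation"},
]
```

Scoping each event ID to its log channel matters because event IDs are only unique per provider; the query above, as written, does not filter on channel.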
