CVE-2021-36066
📋 TL;DR
This CVE describes an out-of-bounds write vulnerability in Adobe Photoshop that could allow an attacker to execute arbitrary code on a victim's system. The vulnerability affects users running Photoshop versions 21.2.10 and earlier or 22.4.3 and earlier. Exploitation requires user interaction through opening a malicious file.
💻 Affected Systems
- Adobe Photoshop
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control of the victim's computer in the context of the current user, potentially leading to data theft, ransomware deployment, or lateral movement within the network.
Likely Case
Local privilege escalation leading to unauthorized access to sensitive files, installation of malware, or persistence mechanisms on the affected system.
If Mitigated
Limited impact with proper application sandboxing, least privilege user accounts, and file execution restrictions preventing malicious file execution.
🎯 Exploit Status
Exploitation requires user interaction (opening malicious file) and bypassing potential mitigations like ASLR/DEP. No public exploit code has been disclosed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Photoshop 21.2.11 and 22.4.4
Vendor Advisory: https://helpx.adobe.com/security/products/photoshop/apsb21-68.html
Restart Required: Yes
Instructions:
1. Open Adobe Creative Cloud application.
2. Navigate to 'Apps' tab.
3. Find Photoshop in your installed apps.
4. Click 'Update' button.
5. Restart Photoshop after update completes.
🔧 Temporary Workarounds
Restrict file execution
All platforms: Block execution of Photoshop files from untrusted sources using application control policies
User education
All platforms: Train users to only open Photoshop files from trusted sources and verify file integrity
🧯 If You Can't Patch
- Implement application whitelisting to prevent execution of unauthorized Photoshop files
- Run Photoshop with reduced privileges using sandboxing or limited user accounts
🔍 How to Verify
Check if Vulnerable:
Check Photoshop version via Help > About Photoshop in the application menu
Check Version:
- On Windows: Check registry at HKEY_LOCAL_MACHINE\SOFTWARE\Adobe\Photoshop\[version]\Version
- On macOS: Check /Applications/Adobe Photoshop [version]/Adobe Photoshop [version].app/Contents/Info.plist
Verify Fix Applied:
Verify version is 21.2.11 or higher for Photoshop 21.x, or 22.4.4 or higher for Photoshop 22.x
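The version check above as an added example (not Adobe's code and not part of the original advisory): it compares version components numerically, because a plain string comparison ranks 21.2.9 above 21.2.11. The inventory is constructed sample data; treating major versions below 21 as covered by "21.2.10 and earlier" and reporting versions above 22.x as "not_listed" are assumptions.

```python
import re

# Fixed releases named on this page.
FIXED_21 = (21, 2, 11)
FIXED_22 = (22, 4, 4)


def parse_version(text):
    """Turn '22.4.3' or '21.2.9.225' into a tuple of ints; raise on junk."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError(f"unparseable version: {text!r}")
    parts = tuple(int(p) for p in text.split("."))
    # Pad to three components so '22.4' compares as 22.4.0.
    return parts + (0,) * (3 - len(parts))


def status(text):
    """Return 'patched', 'vulnerable', 'not_listed' or 'unknown'."""
    try:
        v = parse_version(text)
    except ValueError:
        return "unknown"
    if v[0] > 22:
        # Assumption: the page lists no affected release above 22.x.
        return "not_listed"
    # Assumption: majors below 21 fall under "21.2.10 and earlier".
    fixed = FIXED_22 if v[0] == 22 else FIXED_21
    return "patched" if v >= fixed else "vulnerable"


def needs_update(inventory):
    """Hosts whose reported version is vulnerable or could not be parsed."""
    return sorted(host for host, ver in inventory.items()
                  if status(ver) in ("vulnerable", "unknown"))


# Constructed sample inventory: hostname -> version string as collected.
INVENTORY = {
    "design-01": "21.2.9",      # string compare would wrongly call this newer
    "design-02": "21.2.11",
    "design-03": "22.4.3.317",  # extra build component
    "design-04": "22.4.4",
    "design-05": "not installed",
}

if __name__ == "__main__":
    for host, ver in INVENTORY.items():
        print(f"{host}: {ver} -> {status(ver)}")
```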
📡 Detection & Monitoring
Log Indicators:
- Application crashes of Photoshop with memory access violations
- Unexpected child processes spawned from Photoshop
Network Indicators:
- Unusual outbound connections from Photoshop process
SIEM Query:
Process creation where parent process contains 'photoshop' AND (process name contains 'cmd' OR process name contains 'powershell' OR process name contains 'wscript')