CVE-2024-20753
📋 TL;DR
Adobe Photoshop Desktop versions 24.7.3, 25.7 and earlier contain an out-of-bounds read vulnerability when parsing malicious files. An attacker could exploit this to execute arbitrary code with the privileges of the current user. This affects all users who open untrusted Photoshop files.
💻 Affected Systems
- Adobe Photoshop Desktop
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise via arbitrary code execution with user privileges, potentially leading to data theft, ransomware deployment, or lateral movement.
Likely Case
Limited code execution within Photoshop's context, potentially allowing file system access, data exfiltration, or installation of additional malware.
If Mitigated
Denial of service (application crash) if memory protections prevent full code execution.
🎯 Exploit Status
Exploitation requires user interaction (opening malicious file) and bypassing memory protections.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to Photoshop 24.7.4 or 25.8 (or later)
Vendor Advisory: https://helpx.adobe.com/security/products/photoshop/apsb24-27.html
Restart Required: Yes
Instructions:
1. Open Adobe Creative Cloud application.
2. Navigate to 'Apps' tab.
3. Find Photoshop and click 'Update'.
4. Restart Photoshop after update completes.
🔧 Temporary Workarounds
Restrict file opening
All platforms: Only open Photoshop files from trusted sources; implement application whitelisting to block Photoshop from opening untrusted files.
Run with reduced privileges
Windows: Run Photoshop with standard user privileges (not administrator) to limit potential damage from exploitation.
🧯 If You Can't Patch
- Implement application control to block Photoshop execution entirely if not business-critical
- Use sandboxing or virtualization to isolate Photoshop when opening untrusted files
🔍 How to Verify
Check if Vulnerable:
Check Photoshop version via Help > About Photoshop in application or Adobe Creative Cloud interface.
Check Version:
On Windows: Check 'About Photoshop' dialog or Creative Cloud app. On macOS: Photoshop > About Photoshop.
Verify Fix Applied:
Verify Photoshop version is 24.7.4 or higher (for version 24) or 25.8 or higher (for version 25).
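The version check above can be run across a software inventory. The following is an added example, not part of the vendor advisory; the host names and inventory are constructed, and treating branches older than 24 as vulnerable is an assumption based on the "and earlier" wording.

```python
import re

# Fixed releases per major branch, as stated on this page.
FIXED = {24: (24, 7, 4), 25: (25, 8, 0)}

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if the string is not a dotted version."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)+", text):
        return None
    parts = [int(p) for p in text.split(".")][:3]   # ignore build numbers past the third field
    parts += [0] * (3 - len(parts))                 # "25.8" is compared as 25.8.0
    return tuple(parts)

def classify(text):
    """Return 'vulnerable', 'fixed' or 'unknown' for a reported Photoshop version string."""
    version = parse_version(text)
    if version is None:
        return "unknown"
    major = version[0]
    if major in FIXED:
        # Compare numerically within the branch: 25.10 is newer than 25.8, 25.0 is not.
        return "fixed" if version >= FIXED[major] else "vulnerable"
    # Assumption: branches before 24 fall under "and earlier"; branches after 25 postdate the fix.
    return "vulnerable" if major < 24 else "fixed"

def hosts_needing_action(inventory):
    """Return sorted (host, version, status) tuples for every host not confirmed fixed."""
    flagged = []
    for host, version in inventory.items():
        status = classify(version)
        if status != "fixed":
            flagged.append((host, version, status))
    return sorted(flagged)

if __name__ == "__main__":
    # Constructed sample inventory (host names and versions are illustrative).
    sample = {
        "ws-01": "24.7.3", "ws-02": "24.7.4", "ws-03": "25.0",
        "ws-04": "25.10.0", "ws-05": "23.5.5", "ws-06": "25.7.0.504",
        "ws-07": "n/a",
    }
    for host, version, status in hosts_needing_action(sample):
        print(f"{host}: {version} -> {status}")
```

Hosts reported as unknown should be checked by hand through the About Photoshop dialog rather than assumed patched.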
📡 Detection & Monitoring
Log Indicators:
- Photoshop crash logs with memory access violations
- Unexpected child processes spawned from Photoshop
Network Indicators:
- Unusual outbound connections from Photoshop process
SIEM Query:
Process creation where parent_process contains 'photoshop' AND (process_name contains 'cmd' OR process_name contains 'powershell' OR process_name contains 'bash')