CVE-2024-43756
📋 TL;DR
CVE-2024-43756 is a heap-based buffer overflow vulnerability in Adobe Photoshop that could allow arbitrary code execution when a user opens a malicious file. This affects Photoshop Desktop users running versions 24.7.4, 25.11 and earlier. Successful exploitation requires user interaction but could lead to full system compromise.
💻 Affected Systems
- Adobe Photoshop Desktop
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining the same privileges as the logged-in user, potentially leading to data theft, ransomware deployment, or lateral movement.
Likely Case
Local privilege escalation leading to malware installation, credential harvesting, or data exfiltration from the affected system.
If Mitigated
Limited impact if user opens files only from trusted sources and system has application sandboxing or other exploit mitigations.
🎯 Exploit Status
Exploitation requires user to open a specially crafted malicious file. No public exploit code available at this time.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Update to Photoshop 25.12 or later
Vendor Advisory: https://helpx.adobe.com/security/products/photoshop/apsb24-72.html
Restart Required: Yes
Instructions:
1. Open Adobe Creative Cloud application. 2. Navigate to 'Apps' section. 3. Find Photoshop and click 'Update'. 4. Wait for download and installation. 5. Restart Photoshop when prompted.
🔧 Temporary Workarounds
Restrict file opening
allConfigure Photoshop to only open files from trusted locations or disable opening of untrusted file formats.
Application sandboxing
allRun Photoshop in a sandboxed environment to limit potential damage from exploitation.
🧯 If You Can't Patch
- Implement strict file opening policies and user training to avoid opening untrusted Photoshop files
- Deploy endpoint protection with memory corruption exploit prevention capabilities
🔍 How to Verify
Check if Vulnerable:
Check Photoshop version via Help > About Photoshop. If version is 24.7.4, 25.11 or earlier, system is vulnerable.Check Version:
On Windows: Check Photoshop.exe properties. On macOS: Check Photoshop.app Info. Or use Help > About Photoshop in application.Verify Fix Applied:
Verify Photoshop version is 25.12 or later after update. Test opening various Photoshop file types to ensure functionality.📡 Detection & Monitoring
Log Indicators:
- Photoshop crash logs with memory access violations
- Unexpected Photoshop process spawning child processes
- File access to unusual Photoshop file formats
Network Indicators:
- Outbound connections from Photoshop process to unusual destinations
- DNS queries for command and control domains from Photoshop
SIEM Query:
process_name:"Photoshop.exe" AND (event_type:crash OR child_process_spawn:true)