Adobe Photoshop can be hacked — how to protect yourself right now

The Adobe Photoshop logo displayed on a computer screen.
(Image credit: Sharaf Maksumov/Shutterstock)

If you're using Adobe Photoshop on Windows, it's time to patch. Adobe yesterday (July 21) released Photoshop CC 2019 version 20.0.10 and Photoshop CC 2020 version 21.2.1 to fix five "critical" security flaws that could let attackers run software on your machine. 

Adobe also released patches to fix seven critical flaws in the Adobe Bridge data-asset-management software and the Adobe Prelude media-ingest tool, bringing those to versions 10.1.1 and 9.0.1, respectively. 

These are all "out of bounds" updates separate from the monthly scheduled Adobe "Patch Tuesday" updates, which underlines the urgency of yesterday's patches. 

Mac users are urged to update to the latest versions of these programs as well, although there don't seem to be any documented flaws in the Mac software. There's also an update to version 20.3 for Adobe Reader Mobile for Android to fix one "important" issue.

Instructions for updating these Adobe programs, or to set them to automatically update, are on the Adobe customer-assistance subdomain.

The saving grace with these Adobe Windows flaws is that they're limited to the privileges of the logged-in Windows user. So if you're using an Adobe product with a limited-user account, the flaws can't be exploited to install, modify or delete software. 

But if you're using an administrator account, these Adobe flaws can be exploited to do much more damage, such as being able to install malicious software. 

This is a common occurrence with software flaws and malware infections, and it's the main reason Tom's Guide urges Windows users to use limited accounts for their daily computing needs and to use administrator accounts only when making software or system changes. 

Paul Wagenseil

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.