Security updates available for Creative Cloud Desktop Application | APSB19-39
| Product | Affected version | Platform |
|---|---|---|
| Creative Cloud Desktop Application | 4.6.1 and earlier versions |
Windows and macOS |
To check the version of the Adobe Creative Cloud desktop app:
- Launch the Creative Cloud desktop app and sign in with your Adobe ID
- Click the gear icon and choose Preferences > General
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
| Product | Updated version | Platform | Priority rating | Availability |
|---|---|---|---|---|
| Creative Cloud Desktop Application | 4.9 | Windows and macOS |
2 | Download Center |
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| Insecure Transmission of Sensitive Data | Information Leakage | Important | CVE-2019-8063 |
| Security Bypass | Denial of Service | Important | CVE-2019-7957 |
| Insecure Inherited Permissions | Privilege Escalation | Critical | CVE-2019-7958 |
| Using Components with Known Vulnerabilities | Arbitrary Code Execution | Critical | CVE-2019-7959 |
| Security Bypass | Privilege Escalation | Critical | CVE-2019-8236 |
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
- Eran Shimony of CyberArk Labs (CVE-2019-7957, CVE-2019-8236)
- Rene Arends of Exinit (CVE-2019-7959)
- David Beitey (CVE-2019-8063)
- Aaron Margosis, Microsoft & Kevin J. Crowe (CVE-2019-7958)