Adobe Security Bulletin

Security update available for Creative Cloud Desktop Application | APSB20-11

Bulletin ID	Date Published	Priority
APSB20-11	March 24, 2020	2

Adobe has released a security update for the Adobe Creative Cloud Desktop Application for Windows. This update addresses a critical vulnerability. Successful exploitation could lead to arbitrary file deletion.

Product	Affected version	Platform
Creative Cloud Desktop Application	5.0 and earlier versions	Windows

Note:

To check the version of the Adobe Creative Cloud desktop app:

Launch the Creative Cloud desktop app and sign in with your Adobe ID
Click the gear icon and choose Preferences > General

To check the version of the Adobe Creative Cloud desktop app (5.0 or later):

Launch the Creative Cloud desktop app and sign in with your Adobe ID
Click the Help menu and choose “About Creative Cloud”

Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:

Product	Updated version	Platform	Priority rating	Availability
Creative Cloud Desktop Application	5.1	Windows	2	Download Center

The latest Creative Cloud Desktop App installer can be downloaded from the Download Center.

Vulnerability Category	Vulnerability Impact	Severity	CVE Numbers
Time-of-check to time-of-use (TOCTOU) race condition	Arbitrary File Deletion	Critical	CVE-2020-3808

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

Jiadong Lu of South China University of Technology and Zhiniang Peng of Qihoo 360 Core Security (@edwardzpeng)

March 26, 2020: Updated the download link for Creative Cloud Desktop Application.

Adobe Security Bulletin

Summary

Affected versions

Solution

Vulnerability Details

Acknowledgments

Revisions

Ask the Community

Contact Us