Bulletin ID
Last updated on
Security update available for Adobe Creative Cloud Desktop Application | APSB21-111
|
|
Date Published |
Priority |
|---|---|---|
|
APSB21-111 |
November 9, 2021 |
3 |
Summary
Adobe has released an update for the Creative Cloud Desktop for Windows and macOS. This update includes a fix for an important vulnerability that could lead to application denial of service in the context of the current user.
Affected versions
|
Product |
Affected version |
Platform |
|
Creative Cloud Desktop Application |
5.5 and earlier version |
macOS |
Solution
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
|
Product |
Updated version |
Platform |
Priority rating |
Availability |
|
Creative Cloud Desktop Application |
5.6 |
macOS |
3 |
Vulnerability Details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Numbers |
|
|---|---|---|---|---|---|
|
Creation of Temporary File in Directory with Incorrect Permissions (CWE-379) |
Application denial-of-service |
Important |
4.2 |
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H |
CVE-2021-43017 |
|
Improper Access Control (CWE-284) |
Privilege Escalation |
Important |
7.8 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
CVE-2021-43019 |
Acknowledgments
Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers:
- CQY of Topsec Alpha Team (CVE-2021-43017)
- Jokubas Arsoba working with Trend Micro Zero Day Initiative (CVE-2021-43019)
Revisions
November 11, 2021: Updated vulnerability details for CVE-2021-43017
November 22, 2021: Published vulnerability details for CVE-2021-43019
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.