Bulletin ID
Last updated on
Security update available for Adobe Creative Cloud Desktop Application | APSB21-18
|
|
Date Published |
Priority |
|---|---|---|
|
ASPB21-18 |
March 09, 2021 |
3 |
Summary
Adobe has released a security update for the Creative Cloud Desktop Application. This update resolves multiple critical vulnerabilities that could lead to arbitrary code execution in the context of current user.
Affected versions
|
Product |
Affected version |
Platform |
|
Creative Cloud Desktop Application |
5.3 and earlier version |
Windows and Mac OS |
Solution
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
|
Product |
Updated version |
Platform |
Priority rating |
Availability |
|
Creative Cloud Desktop Application |
5.4 |
Windows and Mac OS |
3 |
Vulnerability Details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Numbers |
|---|---|---|---|
|
Arbitrary file overwrite |
Arbitrary Code Execution |
Critical |
CVE-2021-21068 |
|
OS Command Injection |
Arbitrary Code Execution |
Critical |
CVE-2021-21078 |
|
Improper Input Validation |
Privilege escalation |
Critical |
CVE-2021-21069 CVE-2021-28547 |
Acknowledgments
Adobe would like to thank the following researchers for reporting this issue and for working with Adobe to help protect our customers.
- Qingyang Chen of Topsec Alpha Team (CVE-2021-21068, CVE-2021-28547)
- Rookuu working with Trend Micro Zero Day Initiative (CVE-2021-21069)
- Sebastian Fuchs from Star Finanz (CVE-2021-21078)
Revisions
March 26, 2021: Added details for CVE-2021-28547.