Bulletin ID
Security Updates Available for Adobe Genuine Software Client | APSB20-42
|
Date Published |
Priority |
---|---|---|
APSB20-42 |
July 14, 2020 |
3 |
Summary
Adobe has released updates for the Adobe Genuine Software Client for Windows and macOS. This update resolves important vulnerabilities which could lead to privilege escalation in the context of the current user.
Affected Versions
Product |
Version |
Platform |
---|---|---|
Adobe Genuine Software Client |
Version 6.6 and earlier versions |
Windows and macOS |
To verify the version of Adobe Genuine Software Client installed on your system, please follow the following steps:
- For Windows machines, navigate to C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient
- Right click on AdobeGCClient.exe, select “Properties”.
- Go to “Details” tab, the File Version can be seen within.
Solution
Adobe categorizes these updates with the following priority ratings.
Product |
Version |
Platform |
Priority Rating |
---|---|---|---|
Adobe Genuine Software Client |
7.1 |
Windows and macOS |
3 |
Adobe Genuine Software Client has a self-update mechanism that runs automatically at a regular interval when the host is connected to the internet. For more details regarding Adobe Genuine Software Client, please visit here.
Vulnerability details
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Numbers |
---|---|---|---|
Insecure library loading |
Privilege Escalation |
Important |
CVE-2020-9667 CVE-2020-9681 |
Mishandling symbolic links |
Privilege Escalation |
Important |
CVE-2020-9668 |
Acknowledgments
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
- Adrian Denkiewicz from CQURE. (CVE-2020-9667)
- Zhongcheng Li (CK01) of Topsec Alpha Team (CVE-2020-9668, CVE-2020-9681)
Revisions
May 05, 2020: Updated Acknowledgements section and Solution Platform section.
November 8, 2022: Updated product name to "Adobe Genuine Software Client"