Bulletin ID
Security Updates Available for Adobe Genuine Software Client | APSB21-81
|
Date Published |
Priority |
---|---|---|
APSB21-81 |
September 14, 2020 |
3 |
Summary
Adobe has released updates for Adobe Genuine Software Client for Windows and macOS. This update resolves a critical vulnerability that could lead to privilege escalation in the context of the current user.
Affected Versions
Product |
Version |
Platform |
---|---|---|
Adobe Genuine Software Client |
7.3 and earlier versions |
Windows and macOS |
To verify the version of Adobe Genuine Software Client installed on your system, please follow the following steps:
For Windows machines:
- Navigate to C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient
- Right click on AdobeGCClient.exe, select “Properties”.
- Go to “Details” tab, the File Version can be seen within.
For mac machines:
- Navigate to /Library/Application Support/Adobe/AdobeGCClient/
- Right click on AdobeGCClient, select Get Info.
- File Version can be seen corresponding version tag
Solution
Adobe categorizes these updates with the following priority ratings.
Product |
Version |
Platform |
Priority Rating |
---|---|---|---|
Adobe Genuine Software Client |
7.4 |
Windows and macOS |
3 |
Adobe Genuine Software Client has a self-update mechanism that runs automatically at a regular interval when the host is connected to the internet. For more details regarding Adobe Genuine Software Client, please visit here.
Vulnerability details
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Numbers |
|
---|---|---|---|---|---|
Creation of Temporary File in Directory with Incorrect Permissions (CWE-379) |
Privilege Escalation |
Critical |
7.3 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
CVE-2021-40708 |
Acknowledgments
Adobe would like to thank CQY of Topsec Alpha Team (yjdfy) for reporting these issues and for working with Adobe to help protect our customers.
Revisions
May 14, 2021: Updated CVE ID and Acknowledgements section.
November 8, 2022: Updated product name to "Adobe Genuine Software Client"