Adobe Security Bulletin

חפש

עודכן לאחרונה בתאריך 16 ביוני 2021

Security update available for Adobe Creative Cloud Desktop Application | APSB21-41

Bulletin ID	Date Published	Priority
ASPB21-41	June 08, 2021	3

Summary

Adobe has released an update for the Creative Cloud Desktop installer for Windows and macOS.  This update includes a fix for a critical and an important vulnerability that could lead to arbitrary code execution in the context of current user. 

Affected versions

Product	Affected version	Platform
Creative Cloud Desktop Application (Installer)	2.4 and earlier version	Windows and macOS

Solution

Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:

Product	Updated version	Platform	Priority rating	Availability
Creative Cloud Desktop Application (installer)	2.5	Windows and macOS	3	Download Center

Vulnerability Details

Vulnerability Category	Vulnerability Impact	Severity	CVSS base score	CVSS vector	CVE Numbers
Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)	Arbitrary file system write	Important	6.1	CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H	CVE-2021-28633
Uncontrolled Search Path Element (CWE-427)	Arbitrary code execution	Critical	7.8	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	CVE-2021-28594

Acknowledgments

Adobe would like to thank the following for reporting this issue and for working with Adobe to help protect our customers. 

CQY of Topsec Alpha Team (yjdfy) (CVE-2021-28633)
Dhiraj Mishra (CVE-2021-28594)

Revisions

June 15, 2021: Updated CVSS base score and CVSS vector for CVE-2021-28633.

For more information, visit https://helpx.adobe.com/security.html , or email PSIRT@adobe.com

קבל עזרה במהירות ובקלות

משתמש חדש?