Security update available for the Creative Cloud Desktop Application

Release date: April 12, 2016

Vulnerability identifier: APSB16-11

Priority: 2

CVE number: CVE-2016-1034

Platform: Windows and Macintosh


Adobe has released a security update for the Creative Cloud Desktop Application for Windows and Macintosh.  This update resolves an important vulnerability in the Sync Process for Creative Cloud Libraries that could be abused to remotely read and write files on the client’s file system.  

Affected versions


Affected version


Creative Cloud Desktop Application

Creative Cloud or earlier

Windows and Macintosh


Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:


Updated version


Priority rating

Creative Cloud Desktop Application

Creative Cloud

Windows and Macintosh


Creative Cloud users can apply the update via the application's update mechanism. For more details, visit

For managed environments, IT administrators can use the Creative Cloud Packager to create deployment packages as described in the workflow documented here.

Refer to this help page for more information on the Creative Cloud Packager.

Vulnerability Details

This update resolves a vulnerability in the JavaScript API for Creative Cloud Libraries that could be abused to remotely read and write files on the client’s file system (CVE-2016-1034).


Adobe would like to thank the following individuals and organizations for reporting this issue and for working with Adobe to help protect our customers:

  • Independently disclosed by Roger Chen of the University of California, Berkeley, and Lokihardt working with Trend Micro's ZDI (CVE-2016-1034).

तेज़ी से और आसानी से सहायता प्राप्त करें

नए यूज़र हैं?