Adobe Security Bulletin

Paieška

Paskutinį kartą atnaujinta | Taip pat taikoma Digital Editions

Security Updates Available for Adobe Genuine Service | APSB20-12

Bulletin ID	Date Published	Priority
APSB20-12	March 17, 2020	3

Summary

Adobe has released updates for the Adobe Genuine Service for Windows. This update resolves an important vulnerability which could lead to privilege escalation in the context of the current user.

Affected Versions

Product	Version	Platform
Adobe Genuine Service	Version 6.4 and earlier versions	Windows

Pastaba:

To verify the version of Adobe Genuine Service installed on your system, please follow the following steps:

For Windows machines, navigate to C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient
Right click on AdobeGCClient.exe, select “Properties”.
Go to “Details” tab, the File Version can be seen within.

Solution

Adobe categorizes these updates with the following priority ratings.

Product	Version	Platform	Priority Rating
Adobe Genuine Service	6.6	Windows and macOS	3

Pastaba:

Adobe Genuine Service has a self-update mechanism that runs automatically at a regular interval when the host is connected to the internet. For more details regarding Adobe Genuine Service, please visit here.

Vulnerability details

Vulnerability Category	Vulnerability Impact	Severity	CVE Numbers
Insecure file permissions	Privilege Escalation	Important	CVE-2020-3766

Acknowledgments

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:  

Andrew Hess (any1)
Glenn Lloyd working with Trend Micro Zero Day Initiative
Csaba Fitzl (@theevilbit) working with iDefense Labs (https://vcp.idefense.com/)

Revisions

May 05, 2020: Updated Acknowledgements section and Solution Platform section.

July 14, 2020: Updated the name of the product from 'Adobe Genuine Integrity Service' to "Adobe Genuine Service'.

Prisijunkite prie savo paskyros