Adobe Security Bulletin

Security update available for Adobe Creative Cloud Desktop Application | APSB21-18

Bulletin ID	Date Published	Priority
ASPB21-18	March 09, 2021	3

Adobe has released a security update for the Creative Cloud Desktop Application.  This update resolves multiple critical vulnerabilities that could lead to arbitrary code execution in the context of current user.

Product	Affected version	Platform
Creative Cloud Desktop Application	5.3 and earlier version	Windows and Mac OS

Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:

Product	Updated version	Platform	Priority rating	Availability
Creative Cloud Desktop Application	5.4	Windows and Mac OS	3	Download Center

Vulnerability Category	Vulnerability Impact	Severity	CVE Numbers
Arbitrary file overwrite	Arbitrary Code Execution	Critical	CVE-2021-21068
OS Command Injection	Arbitrary Code Execution	Critical	CVE-2021-21078
Improper Input Validation	Privilege escalation	Critical	CVE-2021-21069 CVE-2021-28547

Adobe would like to thank the following researchers for reporting this issue and for working with Adobe to help protect our customers.

Yjdfy (CVE-2021-21068, CVE-2021-28547)
Rookuu working with Trend Micro Zero Day Initiative (CVE-2021-21069)
Sebastian Fuchs from Star Finanz (CVE-2021-21078)

March 26, 2021: Added details for CVE-2021-28547.

Adobe Security Bulletin

Summary

Affected versions

Solution

Vulnerability Details

Acknowledgments

Revisions

Ask the Community

Contact Us