Bulletin ID
Security update available for Adobe Creative Cloud Desktop Application | APSB21-18
Bulletin ID |
Date Published |
Priority |
---|---|---|
ASPB21-18 |
March 09, 2021 |
3 |
Adobe has released a security update for the Creative Cloud Desktop Application. This update resolves multiple critical vulnerabilities that could lead to arbitrary code execution in the context of current user.
Product |
Affected version |
Platform |
Creative Cloud Desktop Application |
5.3 and earlier version |
Windows and Mac OS |
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
Product |
Updated version |
Platform |
Priority rating |
Availability |
Creative Cloud Desktop Application |
5.4 |
Windows and Mac OS |
3 |
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Numbers |
---|---|---|---|
Arbitrary file overwrite |
Arbitrary Code Execution |
Critical |
CVE-2021-21068 |
OS Command Injection |
Arbitrary Code Execution |
Critical |
CVE-2021-21078 |
Improper Input Validation |
Privilege escalation |
Critical |
CVE-2021-21069 CVE-2021-28547 |
Adobe would like to thank the following researchers for reporting this issue and for working with Adobe to help protect our customers.
March 26, 2021: Added details for CVE-2021-28547.
Sign in to your account