Bulletin ID
Last updated on
Dis 28, 2022
Security update available for Creative Cloud Desktop Application | APSB20-11
|
|
Date Published |
Priority |
|---|---|---|
|
APSB20-11 |
March 24, 2020 |
2 |
Summary
Adobe has released a security update for the Adobe Creative Cloud Desktop Application for Windows. This update addresses a critical vulnerability. Successful exploitation could lead to arbitrary file deletion.
Affected versions
|
Product |
Affected version |
Platform |
|
Creative Cloud Desktop Application |
5.0 and earlier versions |
Windows |
Note
To check the version of the Adobe Creative Cloud desktop app:
- Launch the Creative Cloud desktop app and sign in with your Adobe ID
- Click the gear icon and choose Preferences > General
To check the version of the Adobe Creative Cloud desktop app (5.0 or later):
- Launch the Creative Cloud desktop app and sign in with your Adobe ID
- Click the Help menu and choose “About Creative Cloud”
Solution
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
|
Product |
Updated version |
Platform |
Priority rating |
Availability |
|
Creative Cloud Desktop Application |
5.1 |
Windows |
2 |
The latest Creative Cloud Desktop App installer can be downloaded from the Download Center.
Vulnerability Details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Numbers |
|---|---|---|---|
|
Time-of-check to time-of-use (TOCTOU) race condition |
Arbitrary File Deletion |
Critical |
CVE-2020-3808 |
Acknowledgments
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
- Jiadong Lu of South China University of Technology and Zhiniang Peng of Qihoo 360 Core Security (@edwardzpeng)
Revisions
March 26, 2020: Updated the download link for Creative Cloud Desktop Application.
