Security Updates Available for Adobe Bridge | APSB21-23
Bulletin ID Date Published Priority
APSB21-23 April 13, 2021 
3

Summary

Adobe has released a security update for Adobe Bridge. This update addresses critical and important vulnerabilities that could lead to arbitrary code execution in the context of the current user.

Affected Versions

Product Version Platform
Adobe Bridge  
10.1.1 and earlier versions 
Windows  
Adobe Bridge  
11.0.1 and earlier versions 
Windows  

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app's update mechanism.  For more information, please reference this help page.   

Product Version Platform Priority   
Availability    
Adobe Bridge  
10.1.2
Windows and macOS     3 Download Page    
Adobe Bridge  
11.0.2
Windows and macOS     3 Download Page    

Vulnerability details

Vulnerability Category Vulnerability Impact Severity CVE Numbers
Out-of-bounds read
Information Disclosure
Important
CVE-2021-21091
Improper Authorization
Privilege Escalation
Important
CVE-2021-21096
Memory Corruption
Arbitrary code execution   
Critical  

CVE-2021-21093

CVE-2021-21092

Out-of-bounds write
Arbitrary code execution Critical

CVE-2021-21094

CVE-2021-21095

Acknowledgments

Adobe would like to thank the following researchers for reporting these issues and for working with Adobe to help protect our customers:  

  • Francis Provencher {PRL} working with Trend Micro Zero Day Initiative (CVE-2021-21091, CVE-2021-21092, CVE-2021-21093, CVE-2021-21094)
  • Tran Van Khang - khangkito (VinCSS) working with Trend Micro Zero Day Initiative (CVE-2021-21095)
  • ikth working with Trend Micro Zero Day Initiative (CVE-2021-21096)