Security update available for Adobe Creative Cloud Desktop Application | APSB21-18
Bulletin ID Date Published Priority
ASPB21-18
March 09, 2021 3

Summary

Adobe has released a security update for the Creative Cloud Desktop Application.  This update resolves multiple critical vulnerabilities that could lead to arbitrary code execution in the context of current user.

Affected versions

Product Affected version Platform
Creative Cloud Desktop Application
5.3 and earlier version
Windows and Mac OS

Solution

Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:

Product Updated version Platform Priority rating Availability
Creative Cloud Desktop Application 5.4 Windows and Mac OS
3 Download Center 

Vulnerability Details

Vulnerability Category Vulnerability Impact Severity CVE Numbers
Arbitrary file overwrite
Arbitrary Code Execution
Critical
CVE-2021-21068
OS Command Injection
Arbitrary Code Execution        
Critical
CVE-2021-21078
Improper Input Validation
Privilege escalation Critical

CVE-2021-21069

CVE-2021-28547

Acknowledgments

Adobe would like to thank the following researchers for reporting this issue and for working with Adobe to help protect our customers. 

  • Yjdfy (CVE-2021-21068, CVE-2021-28547)
  • Rookuu working with Trend Micro Zero Day Initiative (CVE-2021-21069)
  • Sebastian Fuchs from Star Finanz (CVE-2021-21078)

Revisions

March 26, 2021: Added details for CVE-2021-28547.