Bulletin ID
Last updated on
20 Dec 2021
Security update available for Adobe Creative Cloud Desktop Application | APSB20-33
|
|
Date Published |
Priority |
|---|---|---|
|
APSB20-33 |
July 14, 2020 |
2 |
Summary
Affected versions
|
Product |
Affected version |
Platform |
|
Creative Cloud Desktop Application |
5.1 and earlier versions |
Windows |
Note
To check the version of the Adobe Creative Cloud desktop app:
- Launch the Creative Cloud desktop app and sign in with your Adobe ID
- Click the gear icon and choose Preferences > General
To check the version of the Adobe Creative Cloud desktop app (5.0 or later):
- Launch the Creative Cloud desktop app and sign in with your Adobe ID
- Click the Help menu and choose “About Creative Cloud”
Solution
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
|
Product |
Updated version |
Platform |
Priority rating |
Availability |
|
Creative Cloud Desktop Application |
5.2 |
Windows |
2 |
The latest Creative Cloud Desktop App installer can be downloaded from the Download Center.
Vulnerability Details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Numbers |
|---|---|---|---|
|
Lack of Exploit Mitigations |
Privilege escalation |
Important |
CVE-2020-9669 |
|
Insecure File permissions |
Privilege escalation |
Important |
CVE-2020-9671 |
|
Symlink vulnerability |
Privilege escalation |
Important |
CVE-2020-9670 |
|
Symlink vulnerability |
Arbitrary file system write |
Critical |
CVE-2020-9682 |
Acknowledgments
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
- Xavier DANEST – Decathlon (CVE-2020-9671)
- Zhongcheng Li(CK01) of Topsec Alpha Team (CVE-2020-9669, CVE-2020-9670, CVE-2020-9682)
