Bulletin ID
Security updates available for Creative Cloud Desktop Application | APSB19-39
|
Date Published |
Priority |
---|---|---|
APSB19-39 |
August 13, 2019 |
2 |
Summary
Affected versions
Product |
Affected version |
Platform |
Creative Cloud Desktop Application |
4.6.1 and earlier versions |
Windows and macOS |
To check the version of the Adobe Creative Cloud desktop app:
- Launch the Creative Cloud desktop app and sign in with your Adobe ID
- Click the gear icon and choose Preferences > General
Solution
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
Product |
Updated version |
Platform |
Priority rating |
Availability |
Creative Cloud Desktop Application |
4.9 |
Windows and macOS |
2 |
Vulnerability Details
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Numbers |
---|---|---|---|
Insecure Transmission of Sensitive Data |
Information Leakage |
Important |
CVE-2019-8063 |
Security Bypass |
Denial of Service |
Important |
CVE-2019-7957 |
Insecure Inherited Permissions |
Privilege Escalation |
Critical |
CVE-2019-7958 |
Using Components with Known Vulnerabilities |
Arbitrary Code Execution |
Critical |
CVE-2019-7959 |
Security Bypass |
Privilege Escalation |
Critical |
CVE-2019-8236 |
Acknowledgments
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
- Eran Shimony of CyberArk Labs (CVE-2019-7957, CVE-2019-8236)
- Rene Arends of Exinit (CVE-2019-7959)
- David Beitey (CVE-2019-8063)
- Aaron Margosis, Microsoft & Kevin J. Crowe (CVE-2019-7958)
Revisions
October 23, 2019: Inlcuded details about CVE-2019-8236.
March 26, 2020: Updated the link to download Creative Cloud Desktop Application