Bulletin ID
Last updated on
Security Updates Available for Adobe Genuine Service | APSB21-81
|
|
Date Published |
Priority |
|---|---|---|
|
APSB21-81 |
September 14, 2020 |
3 |
Summary
Adobe has released updates for Adobe Genuine Service for Windows and macOS. This update resolves a critical vulnerability that could lead to privilege escalation in the context of the current user.
Affected Versions
|
Product |
Version |
Platform |
|---|---|---|
|
Adobe Genuine Service |
7.3 and earlier versions |
Windows and macOS |
Note:
To verify the version of Adobe Genuine Service installed on your system, please follow the following steps:
For Windows machines:
- Navigate to C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient
- Right click on AdobeGCClient.exe, select “Properties”.
- Go to “Details” tab, the File Version can be seen within.
For mac machines:
- Navigate to /Library/Application Support/Adobe/AdobeGCClient/
- Right click on AdobeGCClient, select Get Info.
- File Version can be seen corresponding version tag
Solution
Adobe categorizes these updates with the following priority ratings.
|
Product |
Version |
Platform |
Priority Rating |
|---|---|---|---|
|
Adobe Genuine Service |
7.4 |
Windows and macOS |
3 |
Note:
Adobe Genuine Integrity Service has a self-update mechanism that runs automatically at a regular interval when the host is connected to the internet. For more details regarding Adobe Genuine Integrity Service, please visit here.
Vulnerability details
|
Vulnerability Category |
Vulnerability Impact |
Severity |
CVSS base score |
CVE Numbers |
|
|---|---|---|---|---|---|
|
Creation of Temporary File in Directory with Incorrect Permissions (CWE-379) |
Privilege Escalation |
Critical |
7.3 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
CVE-2021-40708 |
Acknowledgments
Adobe would like to thank CQY of Topsec Alpha Team (yjdfy) for reporting these issues and for working with Adobe to help protect our customers.
Sign in to your account