Adobe Security Bulletin

Security update available for Adobe Creative Cloud Desktop Application | APSB21-41

Bulletin ID

Date Published

Priority

ASPB21-41

June 08, 2021

3

Summary

Adobe has released an update for the Creative Cloud Desktop installer for Windows and macOS.  This update includes a fix for a critical and an important vulnerability that could lead to arbitrary code execution in the context of current user.  

Affected versions

Product

Affected version

Platform

Creative Cloud Desktop Application (Installer)

2.4 and earlier version

Windows and macOS

Solution

Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:

Product

Updated version

Platform

Priority rating

Availability

Creative Cloud Desktop Application

(installer)   

2.5

Windows and macOS

3

Vulnerability Details

Vulnerability Category

Vulnerability Impact

Severity

CVSS base score 

CVE Numbers

Creation of Temporary File in Directory with Incorrect Permissions (CWE-379)

Arbitrary file system write

Important

6.1

CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

CVE-2021-28633

Uncontrolled Search Path Element (CWE-427)

Arbitrary code execution

Critical

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-28594

Acknowledgments

Adobe would like to thank the following for reporting this issue and for working with Adobe to help protect our customers.  

  • CQY of Topsec Alpha Team (yjdfy) (CVE-2021-28633)
  • Dhiraj Mishra (CVE-2021-28594)

Revisions

June 15, 2021: Updated CVSS base score and CVSS vector for  CVE-2021-28633.




For more information, visit https://helpx.adobe.com/security.html , or email PSIRT@adobe.com

 Adobe

Get help faster and easier

New user?

Adobe MAX 2024

Adobe MAX
The Creativity Conference

Oct 14–16 Miami Beach and online

Adobe MAX

The Creativity Conference

Oct 14–16 Miami Beach and online

Adobe MAX 2024

Adobe MAX
The Creativity Conference

Oct 14–16 Miami Beach and online

Adobe MAX

The Creativity Conference

Oct 14–16 Miami Beach and online