Adobe Security Bulletin
Security updates available for Creative Cloud Desktop Application | APSB19-39
Bulletin ID Date Published Priority
APSB19-39 August 13, 2019 2

Summary

Adobe has released a security update for the Creative Cloud Desktop Application for Windows and macOS. This update resolves critical and important vulnerabilities. Successful exploitation could lead to Arbitrary code execution in the context of the current user.

Affected versions

Product Affected version Platform
Creative Cloud Desktop Application

4.6.1 and earlier versions

Windows and macOS

To check the version of the Adobe Creative Cloud desktop app:

  1. Launch the Creative Cloud desktop app and sign in with your Adobe ID
  2. Click the gear icon and choose Preferences > General

Solution

Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:

Product Updated version Platform Priority rating Availability
Creative Cloud Desktop Application 4.9 Windows and macOS
2 Download Center

Vulnerability Details

Vulnerability Category Vulnerability Impact Severity CVE Numbers
Insecure Transmission of Sensitive Data Information Leakage Important CVE-2019-8063
Security Bypass Denial of Service Important CVE-2019-7957
Insecure Inherited Permissions Privilege Escalation Critical CVE-2019-7958
Using Components with Known Vulnerabilities Arbitrary Code Execution Critical CVE-2019-7959
Security Bypass Privilege Escalation Critical CVE-2019-8236

Acknowledgments

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:   

  • Eran Shimony of CyberArk Labs (CVE-2019-7957, CVE-2019-8236)
  • Rene Arends of Exinit (CVE-2019-7959)
  • David Beitey (CVE-2019-8063)
  • Aaron Margosis, Microsoft & Kevin J. Crowe (CVE-2019-7958)

Revisions

October 23, 2019: Inlcuded details about CVE-2019-8236.

March 26, 2020: Updated the link to download Creative Cloud Desktop Application