Security Updates Available for Adobe Digital Editions | APSB21-80
Bulletin ID | Date Published | Priority |
---|---|---|
APSB20-80 | September 14, 2021 | 3 |
Summary
Affected product versions
Product | Version | Platform |
---|---|---|
Adobe Digital Editions | 4.5.11.187646 and below | macOS |
Solution
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:
Product | Version | Platform | Priority | Availability |
---|---|---|---|---|
Adobe Digital Editions | 4.5.11.187658 | macOS | 3 | |
- Customers can download the update from the Adobe Digital Editions download page, or utilize the product’s update mechanism when prompted.
Vulnerability details
Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVSS vector | CVE Numbers |
---|---|---|---|---|---|
Creation of Temporary File in Directory with Incorrect Permissions (CWE-379) | Privilege Escalation | Important | 5.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N | CVE-2021-39828 |
Creation of Temporary File in Directory with Incorrect Permissions (CWE-379) | Arbitrary file system write | Critical | 6.5 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | CVE-2021-39827 |
OS Command Injection (CWE-78) | Arbitrary code execution | Critical | 8.6 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | CVE-2021-39826 |
Acknowledgments
Adobe would like to thank the following security researchers for reporting these issues and for working with Adobe to help protect our customers.
- CQY of Topsec Alpha Team (yjdfy) (CVE-2021-39828, CVE-2021-39827)
- CFF of Topsec Alpha Team (cff_123) (CVE-2021-39826)
Revisions
October 4, 2021: Updated CVSS base score and vector for CVE-2021-39827.
For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com