Adobe Security Bulletin

Security Updates Available for Adobe Digital Editions | APSB21-80

| Bulletin ID | Date Published | Priority |
|---|---|---|
| APSB20-80 | September 14, 2021 | 3 |

Summary

Adobe has released a security update for Adobe Digital Editions. This update resolves one important and multiple critical vulnerabilities that could result in arbitrary code execution.     

Affected product versions

| Product | Version | Platform |
|---|---|---|
| Adobe Digital Editions | 4.5.11.187646 and below | macOS |

Solution

Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version:

| Product | Version | Platform | Priority | Availability |
|---|---|---|---|---|
| Adobe Digital Editions | 4.5.11.187658 | macOS | 3 | |

Note:
  • Customers can download the update from the Adobe Digital Editions download page, or utilize the product’s update mechanism when prompted.

Vulnerability details

| Vulnerability Category | Vulnerability Impact | Severity | CVSS base score | CVSS vector | CVE Numbers |
|---|---|---|---|---|---|
| Creation of Temporary File in Directory with Incorrect Permissions (CWE-379) | Privilege Escalation | Important | 5.8 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N | CVE-2021-39828 |
| Creation of Temporary File in Directory with Incorrect Permissions (CWE-379) | Arbitrary file system write | Critical | 6.5 | CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H | CVE-2021-39827 |
| OS Command Injection (CWE-78) | Arbitrary code execution | Critical | 8.6 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H | CVE-2021-39826 |

Acknowledgments

Adobe would like to thank the following security researchers for reporting these issues and for working with Adobe to help protect our customers.       

  • CQY of Topsec Alpha Team (yjdfy) (CVE-2021-39828, CVE-2021-39827)
  • CFF of Topsec Alpha Team (cff_123) (CVE-2021-39826)

Revisions

October 4, 2021: Updated CVSS base score and vector for CVE-2021-39827.


For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com 

 
