Adobe Security Bulletin

Security update available for Adobe Creative Cloud Desktop Application | APSB21-111

Bulletin ID

Date Published

Priority

APSB21-111

November 9, 2021

3

Summary

Adobe has released an update for the Creative Cloud Desktop for Windows and macOS.  This update includes a fix for an important vulnerability that could lead to application denial of service in the context of the current user.   
   

Affected versions

Product

Affected version

Platform

Creative Cloud Desktop Application 

5.5 and earlier version

macOS

Solution

Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:

Product

Updated version

Platform

Priority rating

Availability

Creative Cloud Desktop Application

5.6

macOS

3

Vulnerability Details

Vulnerability Category

Vulnerability Impact

Severity

CVSS base score 

CVE Numbers

Creation of Temporary File in Directory with Incorrect Permissions

 (CWE-379)

Application denial-of-service

Important

4.2

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

CVE-2021-43017

Improper Access Control (CWE-284)

Privilege Escalation

Important

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-43019

Acknowledgments

Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers: 

  • CQY of Topsec Alpha Team (CVE-2021-43017)
  • Jokubas Arsoba working with Trend Micro Zero Day Initiative (CVE-2021-43019)

Revisions

November 11, 2021: Updated vulnerability details for CVE-2021-43017

November 22, 2021: Published vulnerability details for CVE-2021-43019





For more information, visit https://helpx.adobe.com/security.html, or email PSIRT@adobe.com.

Get help faster and easier

New user?