Headline
CVE-2020-9668: Adobe Security Bulletin
Adobe Genuine Service version 6.6 (and earlier) is affected by an Improper Access control vulnerability when handling symbolic links. An unauthenticated attacker could exploit this to elevate privileges in the context of the current user.
Security Updates Available for Adobe Genuine Service | APSB20-42
Bulletin ID
Date Published
Priority
APSB20-42
July 14, 2020
3
Adobe has released updates for the Adobe Genuine Service for Windows and macOS. This update resolves important vulnerabilities which could lead to privilege escalation in the context of the current user.
Product
Version
Platform
Adobe Genuine Service
Version 6.6 and earlier versions
Windows and macOS
Note:
To verify the version of Adobe Genuine Integrity Service installed on your system, please follow the following steps:
- For Windows machines, navigate to C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient
- Right click on AdobeGCClient.exe, select “Properties”.
- Go to “Details” tab, the File Version can be seen within.
Adobe categorizes these updates with the following priority ratings.
Product
Version
Platform
Priority Rating
Adobe Genuine Service
7.1
Windows and macOS
3
Note:
Adobe Genuine Integrity Service has a self-update mechanism that runs automatically at a regular interval when the host is connected to the internet. For more details regarding Adobe Genuine Integrity Service, please visit here.
Vulnerability Category
Vulnerability Impact
Severity
CVE Numbers
Insecure library loading
Privilege Escalation
Important
CVE-2020-9667
CVE-2020-9681
Mishandling symbolic links
Privilege Escalation
Important
CVE-2020-9668
Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:
- Adrian Denkiewicz from CQURE. (CVE-2020-9667)
- Zhongcheng Li (CK01) of Topsec Alpha Team (CVE-2020-9668, CVE-2020-9681)