Headline
CVE-2021-28547: Adobe Security Bulletin
Adobe Creative Cloud Desktop Application for macOS version 5.3 (and earlier) is affected by a privilege escalation vulnerability that could allow a normal user to delete the OOBE directory and gain permissions to any directory under administrator authority.
Security update available for Adobe Creative Cloud Desktop Application | APSB21-18
| Bulletin ID | Date Published | Priority |
| --- | --- | --- |
| APSB21-18 | March 09, 2021 | 3 |
Summary
Adobe has released a security update for the Creative Cloud Desktop Application. This update resolves multiple critical vulnerabilities that could lead to arbitrary code execution in the context of the current user.
Affected versions
Creative Cloud Desktop Application
Solution
Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:
| Product | Updated version | Platform | Priority rating | Availability |
| --- | --- | --- | --- | --- |
| Creative Cloud Desktop Application | 5.4 | Windows and Mac OS | 3 | Download Center |
Vulnerability Details
| Vulnerability Category | Vulnerability Impact | Severity | CVE Numbers |
| --- | --- | --- | --- |
| Arbitrary file overwrite | Arbitrary Code Execution | Critical | CVE-2021-21068 |
| OS Command Injection | Arbitrary Code Execution | Critical | CVE-2021-21078 |
| Improper Input Validation | Privilege escalation | Critical | CVE-2021-21069, CVE-2021-28547 |
Acknowledgments
Adobe would like to thank the following researchers for reporting this issue and for working with Adobe to help protect our customers.
- Qingyang Chen of Topsec Alpha Team (CVE-2021-21068, CVE-2021-28547)
- Rookuu working with Trend Micro Zero Day Initiative (CVE-2021-21069)
- Sebastian Fuchs from Star Finanz (CVE-2021-21078)
Revisions
March 26, 2021: Added details for CVE-2021-28547.