CVE-2021-43019: Adobe Security Bulletin

Security update available for Adobe Creative Cloud Desktop Application | APSB21-111

Bulletin ID

Date Published

Priority

APSB21-111

November 9, 2021

3

Summary

Adobe has released an update for the Creative Cloud Desktop for Windows and macOS.  This update includes a fix for an important vulnerability that could lead to application denial of service in the context of the current user.

Affected versions

Creative Cloud Desktop Application

Solution

Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:

Product

Updated version

Platform

Priority rating

Availability

Creative Cloud Desktop Application

5.6

macOS

3

Download Center

Vulnerability Details

Vulnerability Category

Vulnerability Impact

Severity

CVSS base score

CVSS vector

CVE Numbers

Creation of Temporary File in Directory with Incorrect Permissions

(CWE-379)

Application denial-of-service

Important

4.2

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H

CVE-2021-43017

Improper Access Control (CWE-284)

Privilege Escalation

Important

7.8

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVE-2021-43019

Adobe would like to thank the following for reporting these issues and for working with Adobe to help protect our customers:

• CQY of Topsec Alpha Team (CVE-2021-43017)
• Jokubas Arsoba working with Trend Micro Zero Day Initiative (CVE-2021-43019)

Revisions

November 11, 2021: Updated vulnerability details for CVE-2021-43017

November 22, 2021: Published vulnerability details for CVE-2021-43019

For more information, visit https://helpx.adobe.com/security.html, or email [email protected].