Headline
CVE-2021-21096: Adobe Security Bulletin
Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Improper Authorization vulnerability in the Genuine Software Service. A low-privileged attacker could leverage this vulnerability to achieve application denial-of-service in the context of the current user. Exploitation of this issue does not require user interaction.
Security Updates Available for Adobe Bridge | APSB21-23
Bulletin ID
Date Published
Priority
APSB21-23
April 13, 2021
3
Adobe has released a security update for Adobe Bridge. This update addresses critical and important vulnerabilities that could lead to arbitrary code execution in the context of the current user.
Product
Version
Platform
Adobe Bridge
10.1.1 and earlier versions
Windows
Adobe Bridge
11.0.1 and earlier versions
Windows
Adobe categorizes these updates with the following priority ratings and recommends users update their installation to the newest version via the Creative Cloud desktop app’s update mechanism. For more information, please reference this help page.
Product
Version
Platform
Priority
Availability
Adobe Bridge
10.1.2
Windows and macOS
3
Download Page
Adobe Bridge
11.0.2
Windows and macOS
3
Download Page
Vulnerability Category
Vulnerability Impact
Severity
CVE Numbers
Out-of-bounds read
Information Disclosure
Important
CVE-2021-21091
Improper Authorization
Privilege Escalation
Important
CVE-2021-21096
Memory Corruption
Arbitrary code execution
Critical
CVE-2021-21093
CVE-2021-21092
Out-of-bounds write
Arbitrary code execution
Critical
CVE-2021-21094
CVE-2021-21095
Adobe would like to thank the following researchers for reporting these issues and for working with Adobe to help protect our customers:
- Francis Provencher {PRL} working with Trend Micro Zero Day Initiative (CVE-2021-21091, CVE-2021-21092, CVE-2021-21093, CVE-2021-21094)
- Tran Van Khang - khangkito (VinCSS) working with Trend Micro Zero Day Initiative (CVE-2021-21095)
- ikth working with Trend Micro Zero Day Initiative (CVE-2021-21096)