Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2021.3085 APSB21-76 Security update available for AdobeCreative Cloud Desktop Application 15 September 2021 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Adobe Creative Cloud Desktop Application Publisher: Adobe Operating System: Windows Mac OS Impact/Access: Create Arbitrary Files -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2021-28613 Original Bulletin: https://helpx.adobe.com/security/products/creative-cloud/apsb21-76.html - --------------------------BEGIN INCLUDED TEXT-------------------- Security update available for Adobe Creative Cloud Desktop Application | APSB21-76 Bulletin ID Date Published Priority ASPB21-76 September 14, 2021 3 Summary Adobe has released an update for the Creative Cloud Desktop for Windows and macOS. This update includes a fix for a critical vulnerability that could lead to arbitrary file system read in the context of current user. Affected versions Product Affected version Platform Creative Cloud Desktop Application 5.4 and earlier version macOS Solution Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version: Product Updated Platform Priority Availability version rating Creative Cloud Desktop 5.5 Windows and 3 Download Application macOS Center Vulnerability Details Vulnerability Vulnerability CVSS Category Impact Severity base CVSS vector CVE Numbers score Creation of Temporary File in CVSS:3.1/AV:P/ Directory with Arbitrary AC:L/PR:H/UI:R Incorrect file system Critical 7.0 /S:C/C:H/I:H/ CVE-2021-28613 Permissions write A:H ( CWE-379 ) Acknowledgments Adobe would like to thank CQY of Topsec Alpha Team (yjdfy) for reporting this issue and for working with Adobe to help protect our customers. For more information, visit https://helpx.adobe.com/security.html , or email PSIRT@adobe.com. - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBYUFK1eNLKJtyKPYoAQgpFw/+McJ6r59WA2BWYcXmZBLkCgSvs8L4o7pT eXRBArDJCKe2NQN8ApBczoWHc2y0ukP7t+x+wBpQ3ygYWty3aWHJP0yfrvR9A/fD qR1PcCR7VrZJ5ztpZHqMhiHDujCEX5MDuqUkr5TON26jGIoVCzRZpjS1BKWD7dkj n6S2szzqUg7j/Plksf3mQrsFlDkA7a5/S/WLRPYFH1pC0yooli1Tjj0woKYPMp7c kg5NwBzDhf0pM4SO471mOybVNpM9fqHNtXbXpgniDOxK9xkBG8WmvgYlPpCAs60R XEaJv8VsgZbZE1HKzgsSMj16RtunDfF3kOl3kkiWlj5EN+nKTzL9vGLX/dICzY3V s0I5hjBDYZbSS4qG+FVL3Yev6HkjfchYGtWf4Jo3t4Ykj4Hc4eP+UtedMewVKxRL DWlAIA7D+PLF4AefyKEveSd2nX9D6DYwqLIAJvjay5sn2DQLxbb1M66PbAkriAbr De6BqtRd6U5bq3PyEkhzLF8LP3n32iz2dgHNZoaGWbwSiZUX/8SE4rDmQU62Nb5k Iy5zgf7fccvYji6ghOED4nIdPOGGu1oigslYG2pZwctW9tg2+ABhzASCPGcr6dzC ZK56b2vP09XIED7Rcp/bAxVGQjPQGcHMG8V8fHzbOPkAwBymUM4pCsouACI8SMZ3 NFswCYq2fRM= =4+g+ -----END PGP SIGNATURE-----