====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN449
_____________________________________________________________________

DATE                : 14/08/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Adobe Lightroom versions prior
                                       to 9.3.

=====================================================================
https://helpx.adobe.com/security/products/lightroom/apsb20-51.html
_____________________________________________________________________

Security Updates Available for Adobe Lightroom | APSB20-51
Bulletin ID 	Date Published 	Priority
ASPB20-51	August 11, 2020   3


Summary

Adobe has released updates for Adobe Lightroom Classic for Windows and
macOS. This update addresses an important vulnerability. Successful
exploitation could lead to privilege escalation in the context of the
current user.


Affected Versions

Product             Version                             Platform
Lightroom Classic   9.2.0.10 and earlier versions      	Windows


Solution

Adobe categorizes these updates with the following priority ratings and
recommends users update their installation to the newest version via the
Creative Cloud desktop app’s update mechanism.  For more information,
please reference this help page.

Product 	  Version  Platform   Priority Rating 	Availability
Lightroom Classic   9.3   Windows and macOS 	3 	Download Center

For managed environments, IT administrators can use the Admin Console to
deploy Creative Cloud applications to end users. Refer to this help page
for more information.


Vulnerability details

Vulnerability Category 	Vulnerability Impact 	Severity   CVE Number
Insecure Library Loading  Privilege escalation  Important  CVE-2020-9724


Acknowledgments

Adobe would like to thank Honggang Ren of Fortinet's FortiGuard Labs for
reporting these issues and for working with Adobe to help protect our
customers.


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================