
====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN274
_____________________________________________________________________

DATE                : 12/05/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows, macOS running Adobe InDesign versions prior
                     to 16.2.1.

=====================================================================
https://helpx.adobe.com/security/products/indesign/apsb21-22.html
_____________________________________________________________________


Security Update Available for Adobe InDesign | APSB21-22

Bulletin ID     Date Published      Priority
APSB21-22       May 11, 2021        3


Summary

Adobe has released a security update for Adobe InDesign.  This update
addresses multiple critical vulnerabilities. Successful exploitation
could lead to arbitrary code execution in the context of the current
user.


Affected versions

Product          Affected version              Platform

Adobe InDesign   16.0 and earlier versions     Windows


Solution

Adobe categorizes these updates with the following priority rating and
recommends users update their software installations via the Creative
Cloud desktop app updater, or by navigating to the InDesign Help menu
and clicking "Updates." For more information, please reference this help
page.


Product         Updated version  Platform           Priority rating  Availability

Adobe InDesign  16.2.1           Windows and macOS  3                Release Note


For managed environments, IT administrators can use the Creative Cloud
Packager to create deployment packages. Refer to this help page for more
information.


Vulnerability Details

Vulnerability Category   Vulnerability Impact       Severity   CVE Number

Out-of-bounds write      Arbitrary code execution   Critical   CVE-2021-21098
                                                               CVE-2021-21099
                                                               CVE-2021-21043

Acknowledgments


Adobe would like to thank the following researchers for reporting these
issues and for working with Adobe to help protect our customers:

    Francis Provencher{PRL} working with Trend Micro Zero Day Initiative
    (CVE-2021-21098, CVE-2021-21099)

    Mateusz Jurczyk from Google Project Zero (CVE-2021-21043)



=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================



