=====================================================================

                             CERT-Renater

                 Note d'Information No. 2021/VULN471
_____________________________________________________________________

DATE                : 15/09/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows, macOS running Adobe Creative Cloud Desktop
                         Application versions prior to 5.5.

=====================================================================
https://helpx.adobe.com/security/products/creative-cloud/apsb21-76.html
_____________________________________________________________________

Last updated on Sep 14, 2021

Security update available for Adobe Creative Cloud Desktop Application |
APSB21-76

Bulletin ID      Date Published         Priority

ASPB21-76        September 14, 2021    3


Summary

Adobe has released an update for the Creative Cloud Desktop for Windows
and macOS. This update includes a fix for a critical vulnerability that
could lead to arbitrary file system read in the context of
current user.


Affected versions

Product         Affected version       Platform

Creative Cloud Desktop Application     5.4 and earlier version   macOS


Solution

Adobe categorizes this update with the following priority rating and
recommends users update their installation to the newest version:

Product   Updated version   Platform    Priority rating     Availability

Creative Cloud Desktop Application    5.5     Windows and macOS  3
Download Center


Vulnerability Details

Vulnerability Category      Vulnerability Impact     Severity
CVSS base score       CVSS vector      CVE Numbers

Creation of Temporary File in Directory with Incorrect Permissions
(CWE-379)    Arbitrary file system write    Critical     7.0
CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H     CVE-2021-28613


Acknowledgments

Adobe would like to thank CQY of Topsec Alpha Team (yjdfy)  for
reporting this issue and for working with Adobe to help protect our
customers.


For more information, visit https://helpx.adobe.com/security.html , or
email PSIRT@adobe.com.


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================