
=====================================================================

                             CERT-Renater

                 Information Note No. 2021/VULN480
_____________________________________________________________________

DATE                : 15/09/2021

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Windows, macOS running Adobe Genuine Service
                                 versions prior to 7.4.

=====================================================================
https://helpx.adobe.com/security/products/integrity_service/apsb21-81.html
_____________________________________________________________________


Last updated on Sep 14, 2021

Security Updates Available for Adobe Genuine Service | APSB21-81

Bulletin ID        Date Published          Priority
APSB21-81          September 14, 2020      3


Summary

Adobe has released updates for Adobe Genuine Service for Windows and
macOS. This update resolves a critical vulnerability that could lead to
privilege escalation in the context of the current user.     


Affected Versions

Product                  Version                     Platform

Adobe Genuine Service    7.3 and earlier versions    Windows and macOS

Note:

To verify the version of Adobe Genuine Service installed on
your system, follow these steps:

For Windows machines:

    Navigate to C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient 
    Right-click on AdobeGCClient.exe, select “Properties”.
    Go to the “Details” tab; the File Version is shown there.

For macOS machines:

    Navigate to /Library/Application Support/Adobe/AdobeGCClient/
    Right-click on AdobeGCClient, select “Get Info”.
    The File Version can be seen in the corresponding version tag.
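
The Windows check above can be scripted when many hosts have to be verified. The following PowerShell is an added example, not part of the Adobe bulletin or of this note; the function name, output fields and status labels are assumptions, while the file path and the 7.4 threshold are taken from the bulletin.

```powershell
# Added example: report whether AdobeGCClient.exe predates the fixed release.
# Function name, output fields and status labels are assumptions for this example.
function Get-AdobeGenuineServiceStatus {
    [CmdletBinding()]
    param(
        # Location given in the bulletin for Windows machines.
        [string]$Path = 'C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AdobeGCClient.exe',
        # First version that is not listed as affected.
        [version]$FixedVersion = '7.4'
    )

    $result = [ordered]@{
        ComputerName = $env:COMPUTERNAME
        Path         = $Path
        FileVersion  = $null
        Status       = 'NotInstalled'
    }

    if (Test-Path -LiteralPath $Path -PathType Leaf) {
        # Same value that Properties > Details displays as "File version".
        $info = (Get-Item -LiteralPath $Path).VersionInfo

        # Build the version from its numeric parts so the comparison is numeric;
        # a string comparison would rank "7.10" below "7.4".
        $installed = [version]::new($info.FileMajorPart, $info.FileMinorPart,
                                    $info.FileBuildPart, $info.FilePrivatePart)

        $result.FileVersion = $installed.ToString()
        $result.Status = if ($installed -lt $FixedVersion) { 'Affected' } else { 'Updated' }
    }

    [pscustomobject]$result
}

# Local check; the object can be collected centrally, for example through Invoke-Command.
Get-AdobeGenuineServiceStatus
```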


Solution

Adobe categorizes these updates with the following priority ratings.


Product                  Version    Platform             Priority Rating

Adobe Genuine Service    7.4        Windows and macOS    3

Note:

Adobe Genuine Integrity Service has a self-update mechanism that runs
automatically at a regular interval when the host is connected to the
internet.  For more details regarding Adobe Genuine Integrity Service,
please visit here.


Vulnerability details

Vulnerability Category : Creation of Temporary File in Directory with
                         Incorrect Permissions (CWE-379)
Vulnerability Impact   : Privilege Escalation
Severity               : Critical
CVSS base score        : 7.3
CVSS vector            : CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
CVE Numbers            : CVE-2021-40708



Acknowledgments

Adobe would like to thank CQY of Topsec Alpha Team (yjdfy) for reporting
these issues and for working with Adobe to help protect our customers.  


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


