Adobe Fixes Critical Vulnerability in Creative Cloud Application

Adobe Fixes Critical Vulnerability in Creative Cloud Application


Adobe has released a security update for its Creative Cloud Desktop Application to fix a vulnerability that could allow attackers to delete files on a vulnerable computer.


The Adobe Creative Cloud is an application suite consisting of numerous apps such as Photoshop, Premiere Pro, Illustrator, Adobe Acrobat, InDesign, Lightroom, and XD.


Adobe normally releases its security updates on the second Tuesday of each month to align with Microsoft's Patch Tuesday.


This month, Adobe did not release any updates on Patch Tuesday but have been instead rolling them out as needed. For example, Adobe released security updates for Adobe Reader and Acrobat on March 17th.


In a new security bulletin released today, Adobe states that a 'Critical' vulnerability has been discovered in its Creative Cloud Desktop Application that could allow attackers to arbitrarily delete files on a computer.


This vulnerability is categorized as a 'Time-of-check to time-of-use (TOCTOU) race condition', which means that to exploit the vulnerability the attack would have to be timed in a precise way to achieve the desired results.


Vulnerability Category
Vulnerability Impact
Severity
CVE Numbers
Time-of-check to time-of-use (TOCTOU) race condition
Arbitrary File Deletion
Critical 
CVE-2020-3808

This also appears to be a local attack, which means that an attacker or malware would need to be running on the machine before attempting to exploit the vulnerability.


To resolve these vulnerabilities, users should upgrade to Creative Cloud Desktop Application version 5.1.



Support the originator by clicking the read the rest link below.