Adobe recently released security updates for its programs, including Creative Cloud, Connect, and Framemaker, which resolve vulnerabilities.
Adobe has patched security issues in its products as follows - three critical flaws in Creative Cloud, four vulnerabilities in Connect, and one code execution bug in Framemaker.
Adobe found issues with its Creative Cloud. The software is a set of various apps and services for design, photography, video, and web, etc.
Creative Cloud has been updated to fix three critical bugs. CVE-2021-21068 is an arbitrary file overwrite vulnerability, while CVE-2021-21078 is an OS command injection risk.
The two problems enable arbitrary code to be executed. The third bug, CVE-2021-21069 is an inappropriate input validation flaw that can be used for privilege escalation.
A single, critical bug triggered by incorrect input validation has been addressed in Adobe Connect, a remote conferencing tool. CVE-2021-21085 is a security bug that will contribute to arbitrary code execution.
Moreover, three reflected cross-site scripting (XSS) bugs in Connect have been resolved by Adobe. CVE-2021-21079, CVE-2021-21080, and CVE-2021-21081 are critical because they can be used for arbitrary JavaScript execution in a browser session.
Another bug in Framemaker, a document processor, has been fixed in Adobe’s security update, issued once a month. CVE-2021-21056 is a critical out-of-bounds read vulnerability that, if abused, will contribute to the execution of arbitrary code.
The most severe bugs are code execution bugs, which cause attackers to perform Windows commands such as injecting ransomware or taking control of the computer.
Adobe urges users who use infected products to perform updates to get the most recent versions as quickly as possible. These updates will prevent the complete exploitation of unsecured installations.
Users can also use the auto-update feature by following the steps below:
- Go to Help. Then, click Check for Updates.
- Download the full update installers from Adobe Download Center.
- Enable the products to update automatically without the need for user input when updates are available.
If users are unable to update the program within it, they can try downloading the most recent version and conduct an in-place upgrade.
For reporting the vulnerabilities, Adobe gave gratitude to Francis Provencher and Rookuu, who collaborated with Sebastian Fuchs of Star Finanz, Zero Day Initiative of Trend Micro, and four independent researchers.
Adobe previously resolved in February Insecure Direct Object Reference (IDOR) security bugs, out-of-bounds write/read bugs, and buffer overflow vulnerabilities in programs such as Acrobat, Illustrator, Magento, and Reader.
