Adobe 26 October 2021 security updates

On 26 October 2021, Adobe issued security updates for vulnerabilities affecting multiple products. It is recommended that these updates should be applied during your regular update cycle.

Details

• Adobe assigned a critical severity rating to 61 flaws, noting that they could allow arbitrary code execution. Adobe's threshold for a Critical rating is a CVSS score of 7.5 (typically considered High by other vendors).
  • The flaws require a user to be authenticated for successful exploitation.
  • Adobe recommends administrators install the update at their discretion.
  • The company has no evidence of any public proof-of-concept (POC) implementations or current campaigns exploiting these vulnerabilities.

• Adobe After Effects 18.4.1 and earlier versions for Windows contained 11 vulnerabilities; nine of them rated with CVSS v3.1 score of 7.8. The latest release of the product is 22.0.
• Adobe Audition 14.4 and earlier versions for Windows and macOS contained nine vulnerabilities; six of them rated with CVSS v3.1 score of 7.8. The latest release of the product is 22.0.
• Adobe Bridge 11.1.1 and earlier versions for Windows contained nine vulnerabilities; eight of them rated with CVSS v3.1 score of 7.8 and one rated with 8.3. The latest release of the product is 12.0.
• Character Animator 4.4 and earlier versions for Windows and macOS contained eight vulnerabilities; three of them rated with CVSS v3.1 score of 7.8. The latest release of the product Character Animator 2021 is 4.4.2, and Character Animator 2022 22.0.
• Prelude 10.1 and earlier versions for Windows contained nine vulnerabilities; six of them rated with CVSS v3.1 score of 7.8 and one rated with 8.3. The latest release of the product is 22.0.
• Lightroom Classic 10.3 and earlier versions for Windows contained one vulnerability with CVSS v3.1 score of 7.7. The latest release of the product is 11.0.
• Illustrator 25.4.1 and earlier versions for Windows contained five vulnerabilities; two rated with CVSS v3.1 score of 7.8. The latest release of the product is Illustrator 2022 26.0.
• Media Encoder 15.4.1 and earlier versions for Windows and macOS contained six vulnerabilities; three of them rated with CVSS v3.1 score of 7.8 and one rated with 8.3. The latest release of the product is 22.0.
• Premiere Pro 15.4.1 and earlier versions for Windows and macOS contained six vulnerabilities; three of them rated with CVSS v3.1 score of 7.8. The latest release of the product is 22.0.
• Animate 21.0.9 and earlier versions for Windows contained 10 vulnerabilities; nine of them rated with CVSS v3.1 score of 7.8. The latest release of the product is 22.0.
• Premiere Elements 2021 build 19.0 (20210809.daily.2242976) and earlier for Windows and macOS contained seven vulnerabilities; four of them rated with CVSS v3.1 score of 7.8 and one rated with 8.3. The latest release of the product is Premiere Elements 2021 build 19.0 (20211007.daily.2243969).
• InDesign 16.4 and earlier versions for Windows and macOS contained three vulnerabilities; two of them rated with CVSS v3.1 score of 7.8. The latest release of the product is 17.0.
• XMP Toolkit SDK 2021.07 and earlier versions, for all platforms, contained five vulnerabilities; four of them rated with CVSS v3.1 score of 7.8. The latest release of the product is 2021.08.
• Photoshop 2021 22.5.1 and earlier versions for Windows and macOS contained three vulnerabilities; two of them rated with CVSS v3.1 score of 7.8. The latest release of the product is Photoshop 2021 22.5.2 and Photoshop 2022 23.0.

Recommendations

• Follow Adobe's guidance and update the noted products to the latest release.
• Users can update their product installations manually by choosing Help > Check for Updates.

References 

• Adobe Security Bulletins and Advisories