20.08.2021 Adobe August 2021 Security Updates

by Elena Lapina

Over the past few weeks, Adobe issued updates for vulnerabilities affecting multiple products. Timely updates are recommended.

Details

  • Adobe August 2021 updates have addressed arbitrary code execution, memory leaks, denial-of-service, and arbitrary file system read issues.
    • The flaws require a user to be authenticated for successful exploitation.
    • Adobe has not reported any public proof-of-concept (POC) implementations or current campaigns exploiting these vulnerabilities.
  • Adobe XMP-Toolkit-SDK 2021.07 fixes 11 vulnerabilities; the most severe of them received a CVSS v3.1 score of 8.8. The flaw is tracked as CVE-2021-36052 and could allow arbitrary code execution.
  • Adobe Media Encoder 15.4.1 fixes CVE-2021-36070, an Access of Memory Location After End of Buffer issue that could allow arbitrary code execution. CVSS v3.1 score: 7.8
  • Adobe Bridge 11.1.1 and 10.1.3 updates fix 14 vulnerabilities. The most severe of these flaws, CVE-2021-36078, received a CVSS v3.1 score of 8.8, and could allow arbitrary code execution.
  • Photoshop 2020 v.21.2.11 and Photoshop 2021 v. 22.5 fix two flaws with a CVSS v3.1 score of 7.8. Both could allow arbitrary code execution.
  • Adobe Captivate 2019 v.11.5.5 and earlier versions received a Hotfix for a Privilege Escalation flaw rated 5 on the CVSS v3.1 scale.

Recommendations

  • Follow Adobe’s guidance and update the noted products to the latest release, depending on the version running.
  • Users can update their product installations manually by choosing Help > Check for Updates.
  • We recommend applying the Principle of Least Privilege to all systems and services as an additional mitigation measure for these flaws.

References 

 

Request Demo

Fill out the form and we will send you details about our demo.