Adobe Security Bulletins for January 2021 Security Updates

January 28, 2021 | Mina Hao

Overview

On January 12, 2021, local time, Adobe officially released January’s security updates to fix multiple vulnerabilities in its various products, including Adobe Bridge, Adobe Captivate, Adobe InCopy, Adobe Campaign Classic, Adobe Animate, Adobe Illustrator, and Adobe Photoshop.

For details about the security bulletins and advisories, visit the following link:

https://helpx.adobe.com/security.html

Vulnerability Description

Adobe Bridge

Adobe has released a security update for Adobe Bridge that addresses two vulnerabilities.

The following update is rated as Priority 3. (For the definition of the priority ratings, see the Adobe Priority Rating System described in the “Solution” part.)

Vulnerability details are as follows:

| Vulnerability Category | Vulnerability Impact | Severity | CVE ID |
|---|---|---|---|
| Out-of-bounds read | Arbitrary code execution | Critical | CVE-2021-21012, CVE-2021-21013 |

For details on the vulnerability impact and remediation, please refer to the security bulletin at the following link:

https://helpx.adobe.com/security/products/bridge/apsb21-07.html

Adobe Captivate

Adobe has released a security update for Adobe Prelude that addresses one vulnerability.

The following update is rated as Priority 3. (For the definition of the priority ratings, see the Adobe Priority Rating System described in the “Solution” part.)

Vulnerability details are as follows:

| Vulnerability Category | Vulnerability Impact | Severity | CVE ID |
|---|---|---|---|
| Uncontrolled search path element | Privilege escalation | Important | CVE-2021-21011 |

For details on the vulnerability impact and remediation, please refer to the security bulletin at the following link:

https://helpx.adobe.com/security/products/captivate/apsb21-06.html

Adobe InCopy

Adobe has released a security update for Adobe InCopy that addresses two vulnerabilities.

The following update is rated as Priority 3. (For the definition of the priority ratings, see the Adobe Priority Rating System described in the “Solution” part.)

Vulnerability details are as follows:

| Vulnerability Category | Vulnerability Impact | Severity | CVE ID |
|---|---|---|---|
| Uncontrolled search path element | Arbitrary code execution | Critical | CVE-2021-21010 |

For details on the vulnerability impact and remediation, please refer to the security bulletin at the following link:

https://helpx.adobe.com/security/products/incopy/apsb21-05.html

Adobe Campaign Classic

Adobe has released a security update for Adobe Campaign Classic that addresses one vulnerability.

The following update is rated as Priority 2. (For the definition of the priority ratings, see the Adobe Priority Rating System described in the “Solution” part.)

Vulnerability details are as follows:

| Vulnerability Category | Vulnerability Impact | Severity | CVE ID |
|---|---|---|---|
| Server-side request forgery (SSRF) | Sensitive information disclosure | Critical | CVE-2021-21009 |

For details on the vulnerability impact and remediation, please refer to the security bulletin at the following link:

https://helpx.adobe.com/security/products/campaign/apsb21-04.html

Adobe Animate

Adobe has released a security update for Adobe Animate that addresses one vulnerability.

The following update is rated as Priority 3. (For the definition of the priority ratings, see the Adobe Priority Rating System described in the “Solution” part.)

Vulnerability details are as follows:

| Vulnerability Category | Vulnerability Impact | Severity | CVE ID |
|---|---|---|---|
| Uncontrolled search path element | Arbitrary code execution | Critical | CVE-2021-21008 |

For details on the vulnerability impact and remediation, please refer to the security bulletin at the following link:

https://helpx.adobe.com/security/products/animate/apsb21-03.html

Adobe Illustrator

Adobe has released a security update for Adobe Illustrator that addresses one vulnerability.

The following update is rated as Priority 3. (For the definition of the priority ratings, see the Adobe Priority Rating System described in the “Solution” part.)

Vulnerability details are as follows:

| Vulnerability Category | Vulnerability Impact | Severity | CVE ID |
|---|---|---|---|
| Uncontrolled search path element | Arbitrary code execution | Critical | CVE-2021-21007 |

For details on the vulnerability impact and remediation, please refer to the security bulletin at the following link:

https://helpx.adobe.com/security/products/illustrator/apsb21-02.html

Adobe Photoshop

Adobe has released a security update for Adobe Photoshop that addresses one vulnerability.

The following update is rated as Priority 3. (For the definition of the priority ratings, see the Adobe Priority Rating System described in the “Solution” part.)

Vulnerability details are as follows:

| Vulnerability Category | Vulnerability Impact | Severity | CVE ID |
|---|---|---|---|
| Heap overflow | Arbitrary code execution | Critical | CVE-2021-21006 |

For details on the vulnerability impact and remediation, please refer to the security bulletin at the following link:

https://helpx.adobe.com/security/products/photoshop/apsb21-01.html

Solution

Adobe has released the latest versions that address the preceding vulnerabilities. Users are advised to upgrade within the time limit recommended by the Adobe Priority Rating System.

For vulnerability details and remediation, please visit the preceding security bulletin links.

Adobe Priority Rating System

The Adobe Priority Rating System is a guideline to help customers in managed environments prioritize Adobe security updates. Adobe bases priority rankings on historical attack patterns for the relevant product, the type of vulnerability, the platform(s) affected, and any potential mitigations that are in place.

| Rating | Description |
|---|---|
| Priority 1 | This update resolves vulnerabilities being targeted, or which have a higher risk of being targeted, by exploit(s) in the wild for a given product version and platform. Adobe recommends administrators install the update as soon as possible (for example, within 72 hours). |
| Priority 2 | This update resolves vulnerabilities in a product that has historically been at elevated risk. There are currently no known exploits. Based on previous experience, Adobe does not anticipate exploits are imminent. As a best practice, Adobe recommends administrators install the update soon (for example, within 30 days). |
| Priority 3 | This update resolves vulnerabilities in a product that has historically not been a target for attackers. Adobe recommends administrators install the update at their discretion. |

https://helpx.adobe.com/security/severity-ratings.html

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.
