Adobe Security Bulletin
Security update available for Adobe Creative Cloud Desktop Application | APSB20-68
Bulletin ID Date Published Priority
ASPB20-68 
October 20, 2020 3

Summary

Adobe has released a security update for the Creative Cloud Desktop Application installer for Windows.  This update resolves a critical vulnerability in the installer that could lead to arbitrary code execution. 

Affected versions

Product Affected version Platform
Creative Cloud Desktop Application (old installer) 
5.2 and earlier version
Windows
Creative Cloud Desktop Application (new installer) 
2.1 and earlier versions  
Windows

Note:

To check the version of the Adobe Creative Cloud desktop application installer:   

  • Visit Properties”>”Details” on Windows or “Get Info” on Mac to view the installer version

Solution

Adobe categorizes this update with the following priority rating and recommends users update their installation to the newest version:

Product Updated version Platform Priority rating Availability
Creative Cloud Desktop Application (old installer) 5.3 Windows 
3 Download Center 
Creative Cloud Desktop Application (new installer) 
2.2
Windows  3 Download Center 

The latest Creative Cloud Desktop App installer can be downloaded from the Download Center

Vulnerability Details

Vulnerability Category Vulnerability Impact Severity CVE Numbers
Uncontrolled Search Path
Arbitrary Code Execution
Critical
CVE-2020-24422

Acknowledgments

Adobe would like to thank Dhiraj Mishra (@RandomDhiraj) for reporting this issue and for working with Adobe to help protect our customers.