Coming Soon...

Q-CERT website is currently under maintenance. We should be back shortly. Thank you for yor patience.

Adobe Critical Patch Update- October 2021

Issued: 
Tuesday, 2 November, 2021
Last Revision: 
Tuesday, 2 November, 2021
Vendor: 
Adobe
Product: 
Multiple products
Severity Level: 
High
Summary: 

Adobe has issued security update for October 2021, that address 92 vulnerabilities in 14 products, with 66 classified as Critical.  

 

Some notable products that are patched in October security update includes- Adobe After Effects, Animate, Audition, Bridge, Character Animator, Illustrator, InDesign, Lightroom Classic, Media Encoder, Photoshop, Prelude, Premiere Pro, Premiere Elements and the XMP Toolkit SDK. 

 

Adobe has fixed problem of arbitrary code execution (ACE), privilege escalation, denial-of-service and memory leaks/information disclosure. 

 

Organizations are strongly encouraged to apply appropriate update using the vendor provided instruction in the security section of security bulletin, particularly patches for critical vulnerabilities. URL links of security bulletin are provided in Reference section of this directive.

 

CVE/Vulnerability

         Description 

CVSS3.0 Score

CVE-2021-40751

CVE-2021-40752

CVE-2021-40753

CVE-2021-40754

CVE-2021-40755

CVE-2021-40757

CVE-2021-40758

CVE-2021-40759

CVE-2021-40760

Arbitrary code execution

7.8

 

 

 

 

 

 

 

 

CVE-2021-40734 

CVE-2021-40735

CVE-2021-40736

CVE-2021-40738

CVE-2021-40739

CVE-2021-40740

Arbitrary code execution

7.8

 

 

 

 

 

CVE-2021-40750

Memory leak

8.3

CVE-2021-40750 

CVE-2021-42533 

CVE-2021-42722

CVE-2021-42720

CVE-2021-42719 

CVE-2021-42728 

CVE-2021-42724

CVE-2021-42729

CVE-2021-42730

Arbitrary code execution

7.8

 

 

 

 

 

 

 

 

CVE-2021-40763

CVE-2021-40764

CVE-2021-40765

Arbitrary code execution

 

 

 

7.8

 

 

 

CVE-2021-40771

CVE-2021-40772

CVE-2021-40775

CVE-2021-42737

CVE-2021-42738

CVE-2021-42733

 

 

 

 

 

 

Arbitrary code execution

7.8

CVE-2021-40773

 

Memory leak

8.3

CVE-2021-40776

 

Privilege escalation  

8.8

CVE-2021-40718

 

Memory Leak  

7.8

CVE-2021-40746

 

Arbitrary code execution

7.8

CVE-2021-40778 Memory leak8.3

CVE-2021-40777

CVE-2021-40779

CVE-2021-40780

  

 

 

Arbitrary code execution

7.8

CVE-2021-40792

CVE-2021-40793

CVE-2021-40794

   

 

 

Arbitrary code execution

7.8

CVE-2021-42266

CVE-2021-42267

CVE-2021-42268

CVE-2021-42269

CVE-2021-42270

CVE-2021-42271

CVE-2021-42272

CVE-2021-40733

CVE-2021-42524

 

 

 

 

 

 

 

 

 

Arbitrary code execution

7.8

CVE-2021-40785

 

Memory leak

8.3

CVE-2021-40786

CVE-2021-40787

CVE-2021-42526

CVE-2021-42527

 

 

 

 

Arbitrary code execution

7.8

CVE-2021-42731

CVE-2021-42732

 Arbitrary code execution       7.8

CVE-2021-42529

CVE-2021-42530

CVE-2021-42531

CVE-2021-42532

 

 

 

 

Arbitrary code execution

7.8

CVE-2021-42735

CVE-2021-42736

 

 

Arbitrary code execution

7.8

 

 

                                                                                       Table 1: Vulnerability details 

 

 

 

 

 

CVE/Vulnerability 

               Affected Product(s)

Platform

CVE-2021-40751

CVE-2021-40752

CVE-2021-40753

CVE-2021-40754

CVE-2021-40755

CVE-2021-40757

CVE-2021-40758

CVE-2021-40759

CVE-2021-40760

Adobe After Effects 18.4.1 and earlier versions      

Windows

CVE-2021-40734 

CVE-2021-40735

CVE-2021-40736

CVE-2021-40738

CVE-2021-40739

CVE-2021-40740

Adobe Audition 14.4  and earlier versions    

Windows and macOS

CVE-2021-40750 

CVE-2021-42533 

CVE-2021-42722

CVE-2021-42720

CVE-2021-42719 

CVE-2021-42728 

CVE-2021-42724

CVE-2021-42729

CVE-2021-42730

 

Adobe Bridge  11.1.1 and earlier versions

Windows

CVE-2021-40763

CVE-2021-40764

CVE-2021-40765

Character Animator 2021 4.4 and earlier versions    

Windows and macOS

CVE-2021-40771

CVE-2021-40772

CVE-2021-40773

CVE-2021-40775

CVE-2021-42737

CVE-2021-42738

CVE-2021-42733

Adobe Prelude 10.1  and earlier versions    

Windows

CVE-2021-40776

Lightroom Classic 10.3 and earlier versions      

 

Windows

CVE-2021-40718 

CVE-2021-40746

Illustrator 2021 25.4.1 and earlier versions 

Windows

CVE-2021-40777  

CVE-2021-40779

CVE-2021-40780

CVE-2021-40778

Adobe Media Encoder version 22.0

Windows and macOS

CVE-2021-40792   

CVE-2021-40793

CVE-2021-40794

Adobe Premiere Pro 15.4.1 and earlier versions

Windows and macOS

CVE-2021-42266

CVE-2021-42267

CVE-2021-42268

CVE-2021-42269

CVE-2021-42270

CVE-2021-42271

CVE-2021-42272

CVE-2021-40733

CVE-2021-42524

 

 

 

 

 

 

 

 

 

Adobe Animate 21.0.9  and earlier versions    

Windows

CVE-2021-40785

CVE-2021-40786

CVE-2021-40787

CVE-2021-42526

CVE-2021-42527

 

 

 

 

 

Adobe Premiere Elements 2021 [build 19.0

(20210809.daily.2242976) and earlier]

 

Windows and macOS

CVE-2021-42731

CVE-2021-42732

 Adobe InDesign 16.4 and earlier versionsWindows and macOS

CVE-2021-42529

CVE-2021-42530

CVE-2021-42531

CVE-2021-42532

 

 

 

 

Adobe XMP-Toolkit-SDK 2021.07 and earlier versions  

All

CVE-2021-42735

CVE-2021-42736

 

 

Photoshop 2021 22.5.1  and earlier versions    

Windows and macOS

 

 

 

                                                                                               Table 2: Vulnerable versions

 

Recommendation: 

Organizations are strongly encouraged to apply appropriate update using the vendor provided instruction in the security section of security bulletin.

 

References: 
Adobe Product Security Incident Response Team
Adobe’s Surprise Security Bulletin Dominated by Critical Patches