Issued: Monday, 27 December, 2021 |
Last Revision: Monday, 27 December, 2021 |
Vendor: |
Product: |
Severity Level: |
Adobe has issued security update for December 2021, which address 60 vulnerabilities in 11 products, with 28 classified as Critical.
Some notable products that are patched in December security update includes- Adobe Audition, Lightroom, Media Encoder, Premiere Pro, Prelude, Dimension, After Effects, Photoshop, Connect, Experience Manager, and Premiere Rush.
Adobe has fixed problem of cross-site scripting (XSS), arbitrary code execution, remote code execution, and privilege escalation.
Product(s) | CVE/Vulnerability | Description |
Adobe Premiere Rush | CVE-2021-40783, CVE-2021-40784, CVE-2021-43021, CVE-202143022, CVE-2021-43023, CVE-2021-43024, CVE-2021-43025, CVE-2021-43026, CVE-2021-43028, CVE-2021-43029, CVE-2021-43747, CVE-2021-43746 | Arbitrary code execution |
Adobe Premiere Rush | CVE-2021-43030 | Privilege escalation |
Adobe Premiere Rush | CVE-2021-43748, CVE-2021-43749, CVE-2021-43750 | Denial-ofservice |
Adobe Experience Manager | CVE-2021-43761, CVE-2021-43764, CVE-2021-40722, CVE-202143765, CVE-2021-44176, CVE-2021-44177, CVE-2021-44178 | Arbitrary code execution |
Adobe Experience Manager | CVE-2021-43762 | Security feature bypass |
Adobe Connect | CVE-2021-43014 | Arbitrary file system write |
Adobe Photoshop | CVE-2021-44184, CVE-2021-43018 | Arbitrary code execution |
Adobe Photoshop | CVE-2021-43020 | Memory leak |
Adobe Prelude | CVE-2021-43754 | Arbitrary code execution |
Adobe Prelude | CVE-2021-44696 | Privilege escalation |
Adobe After Effects | CVE-2021-43755, CVE-2021-44188 | Arbitrary code execution |
Adobe After Effects | CVE-2021-44189, CVE-2021-44190, CVE-2021-44191, CVE-202144192, CVE-2021-44193, CVE-2021-44194, CVE-2021-44195, CVE- 2021-43027 | Privilege escalation |
Adobe Dimension | CVE-2021-43763, | Privilege escalation |
Adobe Dimension | CVE-2021-44179, CVE-2021-44180, CVE-2021-44181, CVE-202144182, CVE-2021-44183 | Arbitrary code execution |
Adobe Premiere Pro | CVE-2021-43751, CVE-2021-40791, CVE-2021-40795, CVE-202142265, CVE-2021-40790 | Privilege escalation |
Adobe Media Encoder | CVE-2021-43756, CVE-2021-43757, CVE-2021-43758, CVE-202143759, CVE-2021-43760 | Arbitrary code execution |
Adobe Lightroom | CVE-2021-43753, CVE-2021-44697, CVE-2021-44698, CVE-202144699 | Privilege escalation |
Table 1: Vulnerability details
Affected Product(s) | Version | Platform |
Adobe Premiere Rush | 1.5.16 and earlier versions | Windows |
Adobe Experience Manager (AEM) | AEM Cloud Service (CS) and 6.5.10.0 and earlier versions | All
|
Adobe Connect | 11.3 and earlier versions | All |
Photoshop 2021 | 22.5.3 and earlier versions | Windows and macOS |
Photoshop 2022 | 23.0.2 and earlier versions | Windows and macOS |
Adobe Prelude | 22.0 and earlier versions | Windows |
Adobe After Effects | 22.0 and earlier versions | Windows and macOS |
Adobe After Effects | 18.4.2 and earlier versions | Windows and macOS |
Adobe Dimension | 3.4.3 and earlier versions
| Windows and macOS |
Adobe Premiere Pro | 22.0 and earlier versions | Windows and macOS |
Adobe Premiere Pro | 15.4.2 and earlier versions | Windows and macOS |
Adobe Media Encoder | Adobe Media Encoder | Adobe Media Encoder |
22.0 and earlier versions | 22.0 and earlier versions | 22.0 and earlier versions |
Lightroom | 4.4 and earlier versions | Windows |
Adobe Audition | 22.0 and earlier versions | Windows and macOS |
Adobe Audition | 14.4 and earlier versions | Windows and macOS |
Table 2: Vulnerable versions
Organizations are strongly encouraged to apply appropriate update as soon as possible.