Alert GCSA-21098 - Security updates for Adobe products

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

******************************************************************

Alert ID: GCSA-21098
Date: 15 September 2021
Title: Security updates for Adobe products

******************************************************************

:: Description of the problem

Adobe has released the following security updates to address
several vulnerabilities:

APSB21-85 Security update available for Adobe XMP Toolkit SDK
APSB21-84 Security update available for Adobe Photoshop
APSB21-82 Security update available for Adobe Experience Manager
APSB21-81 Security update available for Adobe Genuine Service
APSB21-80 Security update available for Adobe Digital Editions
APSB21-78 Security update available for Adobe Premiere Elements
APSB21-77 Security update available for Adobe Photoshop Elements
APSB21-76 Security update available for Adobe Creative Cloud Desktop Application
APSB21-75 Security update available for Adobe ColdFusion
APSB21-74 Security update available for Adobe Framemaker
APSB21-73 Security update available for Adobe InDesign
APSB21-72 Security update available for Adobe SVG-Native-Viewer
APSB21-71 Security update available for Adobe InCopy
APSB21-67 Security update available for Adobe Premiere Pro
APSB21-55 Security update available for Adobe Acrobat and Reader

More information is available in the "References" section.


:: Affected software

Adobe XMP-Toolkit-SDK 2021.07 and earlier versions
Photoshop 2020 21.2.11 and earlier versions
Photoshop 2021 22.5 and earlier versions
Adobe Experience Manager (AEM) AEM Cloud Service (CS)
Adobe Experience Manager (AEM) 6.5.9.0 and earlier versions
Adobe Genuine Service 7.3 and earlier versions
Adobe Digital Editions 4.5.11.187646 and earlier versions
Adobe Premiere Elements 2021 [build 19.0 (20210127.daily.2235820)] and earlier versions
Photoshop Elements 2021 [build 19.0 (20210304.m.156367)] and earlier versions
Creative Cloud Desktop Application 5.4 and earlier versions
ColdFusion 2018 Update 11 and earlier versions
ColdFusion 2021 Version 1 and earlier versions
Adobe Framemaker 2019 Update 8 and earlier versions
Adobe Framemaker 2020 Release Update 2 and earlier versions
Adobe InDesign 16.3.2 and earlier versions
Adobe InDesign 16.3 and earlier versions
Adobe SVG-Native-Viewer
Adobe InCopy 16.3.1 and earlier versions
Adobe InCopy 16.3 and earlier versions
Adobe Premiere Pro 15.4 and earlier versions
Acrobat DC 2021.005.20060 and earlier versions
Acrobat Reader DC 2021.005.20060 and earlier versions
Acrobat DC 2021.005.20058 and earlier versions
Acrobat Reader DC 2021.005.20058 and earlier versions
Acrobat 2020 2020.004.30006 and earlier versions
Acrobat Reader 2020 2020.004.30006 and earlier versions
Acrobat 2017 2017.011.30199 and earlier versions
Acrobat Reader 2017 2017.011.30199 and earlier versions


:: Impact

Remote execution of arbitrary code (RCE)
Disclosure of confidential information (ID)
Data manipulation (DM)
Elevation of privileges (EoP)
Denial of Service (DoS)
Security restriction bypass (SRB)
Cross-Site Scripting (XSS)


:: Solutions

Update the software to the latest versions:

Adobe XMP-Toolkit-SDK 2021.08
Photoshop 2020 21.2.12
Photoshop 2021 22.5.1
Adobe Experience Manager (AEM) AEM Cloud Service (CS)
Adobe Experience Manager (AEM) 6.5.10.0
Adobe Genuine Service 7.4
Adobe Digital Editions 4.5.11.187658
Adobe Premiere Elements 2021 [build 19.0 (20210809.daily.2242976)]
Photoshop Elements 2021 [build 19.0 (20210811.m.158081)]
Creative Cloud Desktop Application 5.5
ColdFusion 2018 Update 12
ColdFusion 2021 Update 2
Adobe Framemaker 2019 Release Update 8 (hotfix)
Adobe Framemaker 2020 Release Update 3
Adobe InDesign 16.4
Adobe SVG-Native-Viewer (https://github.com/adobe/svg-native-viewer/commit/b79ecc37b2572b27aa8ff93de67ffa55828e4df8)
Adobe InCopy 16.4
Adobe Premiere Pro 15.4.1
Acrobat DC Continuous 2021.007.20091
Acrobat Reader DC Continuous 2021.007.20091
Acrobat 2020 Classic 2020 2020.004.30015
Acrobat Reader 2020 Classic 2020 2020.004.30015
Acrobat 2017 Classic 2017 2017.011.30202
Acrobat Reader 2017 Classic 2017 2017.011.30202


:: References

Adobe Security Bulletins and Advisories
https://helpx.adobe.com/security.html
https://helpx.adobe.com/security/products/xmpcore/apsb21-85.html
https://helpx.adobe.com/security/products/photoshop/apsb21-84.html
https://helpx.adobe.com/security/products/experience-manager/apsb21-82.html
https://helpx.adobe.com/security/products/integrity_service/apsb21-81.html
https://helpx.adobe.com/security/products/Digital-Editions/apsb21-80.html
https://helpx.adobe.com/security/products/premiere_elements/apsb21-78.html
https://helpx.adobe.com/security/products/photoshop_elements/apsb21-77.html
https://helpx.adobe.com/security/products/creative-cloud/apsb21-76.html
https://helpx.adobe.com/security/products/coldfusion/apsb21-75.html
https://helpx.adobe.com/security/products/framemaker/apsb21-74.html
https://helpx.adobe.com/security/products/indesign/apsb21-73.html
https://helpx.adobe.com/security/products/svg-native-viewer/apsb21-72.html
https://helpx.adobe.com/security/products/incopy/apsb21-71.html
https://helpx.adobe.com/security/products/premiere_pro/apsb21-67.html
https://helpx.adobe.com/security/products/acrobat/apsb21-55.html

Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40716
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40709
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40711
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40712
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40713
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40714
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40708
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39828
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39827
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40701
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40700
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40703
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40702
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28613
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40698
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40699
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40697
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39833
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39832
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39830
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39829
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39831
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39820
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39821
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39822
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39823
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39819
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39818
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40710
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40715


GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQTGpdiR5MqstacBGHbBnEyTZRJgQgUCYUHcQQAKCRDBnEyTZRJg
QnsEAKDUN7iSsw3/Lll+4MZ+UzB9ZKsAlgCfS/eTDjEQC91m5F0kWoGzSp5AK7E=
=mRh8
-----END PGP SIGNATURE-----