Alert GCSA-21117 - Adobe Security Bulletin Out-Of-Band Ottobre 2021

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

******************************************************************

Alert ID: GCSA-21117
Data: 28 Ottobre 2021
Titolo: Adobe Security Bulletin Out-Of-Band Ottobre 2021

******************************************************************

:: Descrizione del problema

Adobe ha rilasciato i seguenti aggiornamenti di sicurezza per risolvere
92 vulnerabilita' 66 delle quali critiche:

APSB21-79 Security update available for Adobe After Effects
APSB21-92 Security update available for Adobe Audition
APSB21-94 Security update available for Adobe Bridge
APSB21-95 Security update available for Adobe Character Animator
APSB21-96 Security update available for Adobe Prelude
APSB21-97 Security update available for Adobe Lightroom Classic
APSB21-98 Security update available for Adobe Illustrator
APSB21-99: Security update available for Adobe Media Encoder
APSB21-100 Security update available for Adobe Premiere Pro
APSB21-105 Security update available for Adobe Animate
APSB21-106 Security update available for Adobe Premiere Elements
APSB21-107 Security update available for Adobe InDesign
APSB21-108 Security update available for Adobe XMP Toolkit SDK
APSB21-109 Security update available for Adobe Photoshop

Maggiori informazioni sono disponibili alla sezione "Riferimenti".


:: Software interessato

Adobe After Effects 18.4.1 e versioni precedenti
Adobe Audition 14.4 e versioni precedenti
Adobe Bridge 11.1.1 e versioni precedenti
Character Animator 2021 4.4 e versioni precedenti
Adobe Prelude 10.1 e versioni precedenti
Lightroom Classic 10.3 e versioni precedenti
Illustrator 2021 25.4.1 e versioni precedenti
Adobe Media Encoder 15.4.1 e versioni precedenti
Adobe Premiere Pro 15.4.1 e versioni precedenti
Adobe Animate 21.0.9 e versioni precedenti
Adobe Premiere Elements 2021 [build 19.0 (20210809.daily.2242976) e
precedenti]
Adobe InDesign 16.4 e versioni precedenti
Adobe XMP-Toolkit-SDK 2021.07 e versioni precedenti
Photoshop 2021 22.5.1 e versioni precedenti


:: Impatto

Esecuzione di codice arbitrario (ACE)
Denial of Service (DoS)
Accesso ad informazioni riservate (ID)
Acquisizione di privilegi piu' elevati (EoP)


:: Soluzioni

Aggiornare i software alle ultime versioni

Adobe After Effects 22.0
Adobe Audition 22.0
Adobe Bridge 12.0
Adobe Bridge 11.1.2
Character Animator 2021 4.4.2
Character Animator 2022 22.0
Adobe Prelude 22.0
Lightroom Classic v10.4 e v11.0
Illustrator 2022 versione 26.0
Adobe Media Encoder 22.0
Adobe Premiere Pro 22.0
Adobe Animate 22.0
Adobe Premiere Elements 2021 [build 19.0 (20211007.daily.2243969)
Adobe InDesign 17.0
Adobe XMP-Toolkit-SDK 2021.08
Photoshop 2021 versione 22.5.2
Photoshop 2022 versione 23.0


:: Riferimenti

Adobe Security Bulletins e Advisories
https://helpx.adobe.com/security/security-bulletin.html
https://helpx.adobe.com/security/products/after_effects/apsb21-79.html
https://helpx.adobe.com/security/products/audition/apsb21-92.html
https://helpx.adobe.com/security/products/bridge/apsb21-94.html
https://helpx.adobe.com/security/products/character_animator/apsb21-95.html
https://helpx.adobe.com/security/products/prelude/apsb21-96.html
https://helpx.adobe.com/security/products/lightroom/apsb21-97.html
https://helpx.adobe.com/security/products/illustrator/apsb21-98.html
https://helpx.adobe.com/security/products/media-encoder/apsb21-99.html
https://helpx.adobe.com/security/products/premiere_pro/apsb21-100.html
https://helpx.adobe.com/security/products/animate/apsb21-105.html
https://helpx.adobe.com/security/products/premiere_elements/apsb21-106.html
https://helpx.adobe.com/security/products/indesign/apsb21-107.html
https://helpx.adobe.com/security/products/xmpcore/apsb21-108.html
https://helpx.adobe.com/security/products/photoshop/apsb21-109.html

Mitre CVE
I riferimenti CVE sono disponibili nell'advisory originale.



GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert
-----BEGIN PGP SIGNATURE-----

iD8DBQFhemULwZxMk2USYEIRAiEsAKC0X4bTIVeehYBwuSGisXRoFzlqmgCfVMo4
xjgqf1B9Wq84GqHtBAms9vs=
=JdHl
-----END PGP SIGNATURE-----