Alert GCSA-21135 - Adobe Security Bulletin - December 2021

******************************************************************

alert ID: GCSA-21135
date: 15 December 2021
title: Adobe Security Bulletin - December 2021

******************************************************************

:: Problem description

Adobe has released the following security updates
to address numerous vulnerabilities, many of which are
rated critical.

APSB21-101 : Security update available for Adobe Premiere Rush
APSB21-103 : Security update available for Adobe Experience Manager
APSB21-112 : Security update available for Adobe Connect
APSB21-113 : Security update available for Adobe Photoshop
APSB21-114 : Security update available for Adobe Prelude
APSB21-115 : Security update available for Adobe After Effects
APSB21-116 : Security update available for Adobe Dimension
APSB21-117 : Security update available for Adobe Premiere Pro
APSB21-118 : Security update available for Adobe Media Encoder
APSB21-119 : Security update available for Adobe Lightroom
APSB21-121 : Security update available for Adobe Audition

More information is available in the "References" section.


:: Affected software


Adobe Premiere Rush 1.5.16 and earlier for Windows
Adobe Experience Manager 6.5.10.0 and earlier
Adobe Connect 11.3 and earlier
Adobe Photoshop 2021 22.5.3 and earlier for Windows and macOS
Adobe Photoshop 2022 23.0.2 and earlier for Windows and macOS
Adobe Prelude 22.0 and earlier for Windows
Adobe After Effects 22.0 and earlier for Windows and macOS
Adobe After Effects 18.4.2 and earlier for Windows and macOS
Adobe Dimension 3.4.3 and earlier for Windows and macOS
Adobe Premiere Pro 22.0 and earlier for Windows and macOS
Adobe Premiere Pro 15.4.2 and earlier for Windows and macOS
Adobe Media Encoder 22.0 and earlier for Windows and macOS
Adobe Media Encoder 15.4.2 and earlier for Windows and macOS
Adobe Lightroom 4.4 and earlier for Windows
Adobe Audition 22.0 and earlier for Windows and macOS
Adobe Audition 14.4 and earlier for Windows and macOS


:: Impact

Remote arbitrary code execution (RCE)
Privilege Escalation
Security feature bypass
Denial of Service (DoS)


:: Solutions

Update the software to the latest versions


:: References

Adobe Security Bulletins and Advisories
https://helpx.adobe.com/security/security-bulletin.html
https://helpx.adobe.com/security/products/premiere_rush/apsb21-101.html
https://helpx.adobe.com/security/products/experience-manager/apsb21-103.html
https://helpx.adobe.com/security/products/connect/apsb21-112.html
https://helpx.adobe.com/security/products/photoshop/apsb21-113.html
https://helpx.adobe.com/security/products/prelude/apsb21-114.html
https://helpx.adobe.com/security/products/after_effects/apsb21-115.html
https://helpx.adobe.com/security/products/dimension/apsb21-116.html
https://helpx.adobe.com/security/products/premiere_pro/apsb21-117.html
https://helpx.adobe.com/security/products/media-encoder/apsb21-118.html
https://helpx.adobe.com/security/products/lightroom/apsb21-119.html
https://helpx.adobe.com/security/products/audition/apsb21-121.html

US-CERT
https://www.cisa.gov/uscert/ncas/current-activity/2021/12/14/adobe-releases-security-updates-multiple-products

CIS - Center for Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-adobe-products-could-allow-for-arbitrary-code-execution_2021-163/

SecurityWeek
https://www.securityweek.com/adobe-joins-security-patch-tuesday-frenzy

Red Packet Security
https://www.redpacketsecurity.com/adobe-addresses-over-60-vulnerabilities-in-multiple-products/

Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40722
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40790
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40791
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40795
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43025
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43747
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43748
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43749
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43751
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43755
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43756
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43757
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43759
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43760
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43761
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43763
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43764
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43765
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44188
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44192
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44697
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44698
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44699




GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert



