On the first patch day of this year, Adobe closed critical security gaps in Animate, Bridge Campaign Classic, Illustrator, InCopy and Photoshop. A gap with “Important” classification in Captivate has also been eliminated. Product updates are available for the Windows, macOS and Linux platforms alike. Adobe recommends that users import them promptly in view of the high severity of the security vulnerabilities.

Code execution and access to sensitive data As usual, Adobe’s Security Bulletins use information on security gaps very sparingly: Most of the critical gaps could be misused under certain conditions in order not to get closer designated attack routes to execute any program code in the context of the logged-in user. Campaign Classic is an exception: Here, the security gap can enable the interception of sensitive data.

The potential gateway into Adobe Captivate with “Important” classification could be misused by attackers in order to extend their access rights.

Overview of security gaps & updates Detailed information on vulnerable and protected program versions can be found in the security bulletins, which we provide below along with CVE IDs:

Adobe Animate | APSB 21 – 03 (CVE – 2021 – 21008, Critical) Adobe Campaign Classic | APSB 21 – 04 (CVE – 2021 – 21009, Critical) Adobe Captivate | APSB 21 – 06 (CVE – 2021 – 21011, Important) Adobe Illustrator | APSB 21 – 02 (CVE – 2021 – 21007, Critical) Adobe InCopy | APSB 21 – 05 (CVE – 2021 – 21010, Critical) Adobe Photoshop | APSB 21 – 01 (CVE – 2021 – 21006, Critical) Adobe Bridge | APSB 21 – 07 (CVE – 2021 – 21012 & CVE – 2021 – 21013, Critical) Flash Player will block Flash in the future The end-of-life of Adobe’s Flash Player has already been announced 2017, the Support on 31. 12. 2020 completed. In the future, the player will also refuse service if it has still not been uninstalled: The “Adobe Flash Player EOL General Information Page” states that since yesterday, Flash content has been blocked in Flash Player for security reasons. So it’s high time to remove this relic from earlier times from the system. How this works and what alternatives there are, among other things, reveals our FAQ on the topic:

(ovw)