Creative Cloud Desktop Application versions 5.0 and previous versions have a time-of-check to time-of-use (toctou) race condition vulnerability. Successful exploitation could lead to arbitrary file deletion.
Patch this flaw, unless you want random docs to wipe out your work
Adobe has issued a patch for a critical flaw that can be exploited to delete files from Windows computers running the Creative Cloud client.
Dubbed CVE-2020-3808, the vulnerability is a classic time-of-check-to-time-of-use flaw where, by exploiting a race condition, a miscreant could potentially trick the system into deleting work-in-progress files and other data-destroying shenanigans.
"Successful exploitation could lead to arbitrary File Deletion in the context of the current user,...
Adobe has released an out-of-band patch for a critical vulnerability in its Creative Cloud Desktop Application for Windows. The flaw can be exploited by an attacker to delete specific arbitrary files on the victim’s system.
Creative Cloud acts as a central console for desktop users to quickly launch, manage and update their Adobe apps, such as Photoshop, Acrobat, Illustrator and more. Specifically affected is the Creative Cloud desktop application version 5.0 and earlier; Adobe has made ...