Rewterz Threat Advisory – CVE-2021-30918 – Apple iOS and iPadOS Vulnerability

October 27, 2021

Rewterz Threat Advisory – CVE-2021-3760 – Linux Kernel Vulnerability

October 27, 2021

Rewterz Threat Advisory – Multiple Adobe Vulnerabilities

October 27, 2021

Severity

Medium

Analysis Summary

CVE-2021-40751: CVE-2021-40752: CVE-2021-40753: CVE-2021-40754: CVE-2021-40755: CVE-2021-40757: CVE-2021-40758: CVE-2021-40759: CVE-2021-40760:

Adobe After Effects could allow a remote attacker to execute arbitrary code on the system, caused by access of memory location after end of buffer. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-40756: CVE-2021-40761: CVE-2021-40737

Adobe After Effects is vulnerable to a denial of service, caused by a NULL pointer dereference. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to cause a denial of service.

CVE-2021-40734: CVE-2021-40735: CVE-2021-40736: CVE-2021-42738: CVE-2021-40733

Adobe Audition could allow a remote attacker to execute arbitrary code on the system, caused by access of memory location after end of buffer. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-40776

Adobe Lightroom Classic could allow a remote attacker to gain elevated privileges on the system, caused by the creation of temporary file in directory with incorrect permissions. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to gain elevated privileges on the system.

CVE-2021-40749

Adobe Illustrator is vulnerable to a denial of service, caused by a NULL pointer dereference. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to cause a denial of service.

Impact

Code Execution
Denial of Service
Privilege Escalation

Affected Vendors

Adobe

Affected Products

Adobe After Effects 18.4.1
Adobe Audition 14.4
Adobe Prelude 10.1
Adobe Lightroom 10.3 Classic

Remediation

Refer to Adobe Advisory for patch, upgrade or suggested workaround information.

CVE-2021-40751: CVE-2021-40752: CVE-2021-40753: CVE-2021-40754: CVE-2021-40755: CVE-2021-40757: CVE-2021-40758: CVE-2021-40759: CVE-2021-40760: CVE-2021-40756: CVE-2021-40761:

https://helpx.adobe.com/security/products/after_effects/apsb21-79.html

CVE-2021-40734: CVE-2021-40737: CVE-2021-40735: CVE-2021-40736

https://helpx.adobe.com/security/products/audition/apsb21-92.html

CVE-2021-42738

https://helpx.adobe.com/security/products/prelude/apsb21-96.html

CVE-2021-40733

https://helpx.adobe.com/security/products/lightroom/apsb21-97.html

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Multiple Fortinet Products Vulnerabilities

TCESB Malware Emerges in Targeted Exploits Against ESET Security Tools – Active IOCs

PipeMagic Trojan Exploits CLFS Flaw in Windows for Ransomware Attacks

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Advisory – CVE-2021-30918 – Apple iOS and iPadOS Vulnerability

Rewterz Threat Advisory – CVE-2021-3760 – Linux Kernel Vulnerability

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.