Adobe Developers eliminated A critical bug in the desktop version of Creative Cloud for Windows. The problem could be used to delete arbitrary files in the context of the current user.
The vulnerability was discovered by Qihoo 360 Core Security experts, and it received an identifier CVE-2020-3808. The problem refers to the time-of-check time-of-use type, that is, by provoking a race condition, an attacker can use it and force the system to delete the files and other data that are in operation. However, in order to implement such an attack, the attacker must first convince the victim to download and open a malicious document in order to exploit the bug.
No other vulnerability information has been published, and Adobe claims to have found no evidence that the problem is already being exploited by hackers. Although the vulnerability was assigned the status critical, its priority is 2, which means that Adobe engineers do not expect this vulnerability to be used soon for real attacks.
However, users are advised to upgrade Creative Cloud to a revised version 5.1 as soon as possible.