CVE-2020-3808: 
Adobe Creative Cloud vulnerability analysis and mitigation

The Creative Cloud Desktop Application versions 5.0 and earlier were found to contain a time-of-check to time-of-use (TOCTOU) race condition vulnerability, identified as CVE-2020-3808. The vulnerability was discovered in December 2019 and publicly disclosed by Adobe in March 2020 (NVD, Adobe Security).

The vulnerability stems from a time-of-check to time-of-use (TOCTOU) race condition. This specific type of race condition occurs when two or more system operations can access shared data and attempt to change it simultaneously, involving the checking of the state of a part of a system (such as a security credential) and the use of the results of that check being done at the same time (Threatpost).

If successfully exploited, the vulnerability could lead to arbitrary file deletion in the context of the current user, potentially allowing an attacker to delete certain critical files on the victim's system (Threatpost).

Adobe addressed the vulnerability by releasing version 5.1 of the Creative Cloud Desktop Application. The company recommended users update their product installations to the latest versions using the instructions referenced in their security bulletin (Adobe Security).

The vulnerability was discovered and reported by Jiadong Lu of South China University of Technology and Zhiniang Peng of Qihoo 360 Core Security. Adobe released an out-of-band patch to address this critical vulnerability, highlighting its significance (Threatpost).