Adobe launches patches for CVE-2023-29298 that can lead to a security feature bypass. After the company’s analysis, it showed that the attackers had exploited CVE-2023-29298 and bounded it with CVE-2023-38203.
Rapid7 pointed out that Adobe’s patch for CVE-2023-29298 was partial and easy to bypass. The software company has yet to confirm that CVE-2023-38203 is also exploited.
Adobe also released a patch for CVE-2023-38206, a ColdFusion vulnerability. The timing proposes that CVE-2023-38206 may have been allocated after the patch for CVE-2023-29301 was bypassed.
The new patches will help Adobe and other companies to discover vulnerabilities and install quick and strong security measures.