Adobe has recently released a critical security update for its Adobe Commerce and Magento Open Source platforms. This blog post aims to explore the specifics of this update, the potential risks it mitigates, and actionable steps users can take to enhance their security posture.
Understanding the Issue:
The security update, identified as APSB24-03, was released on February 13, 2024. It addresses critical, important, and moderate vulnerabilities present in Adobe Commerce and Magento Open Source. These vulnerabilities, if exploited, could lead to arbitrary code execution, security feature bypass, and application denial-of-service attacks.
Affected Versions:
The affected versions include various iterations of Adobe Commerce and Magento Open Source. Users of versions prior to the following are urged to take immediate action:
- Adobe Commerce: 2.4.6-p3 and earlier, 2.4.5-p5 and earlier, 2.4.4-p6 and earlier, and more.
- Magento Open Source: 2.4.6-p3 and earlier, 2.4.5-p5 and earlier, 2.4.4-p6 and earlier.
Solution:
Adobe has provided updated versions for both Adobe Commerce and Magento Open Source to address these vulnerabilities. Users are strongly advised to update their installations to the newest versions as soon as possible. Detailed installation instructions are available on Adobe’s website.
Vulnerability Details:
The vulnerabilities encompass various categories, including Cross-site Scripting, Improper Neutralization of Special Elements used in an OS Command, and Cross-Site Request Forgery. Each vulnerability poses different risks, ranging from arbitrary code execution to security feature bypass and denial-of-service attacks.
You can find more detailed information about the security update APSB24-03 for Adobe Commerce and Magento Open Source by visiting the following link: Adobe Security Bulletin APSB24-03