Adobe fixes zero-day exploit in e-commerce code: update now!
Make sure that the site where Magento or Adobe Commerce is actually running has downloaded and applied Adobe's latest patches.
Adobe has released security updates for Adobe Commerce and Magento Open Source.
Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants.
According to Adobe, it seems that any Adobe Commerce or Magento installation running a version later than 2.3.3 that hasn't received the latest patches is vulnerable.
Watch your statements carefully if you've shopped recently at a site driven by Magento or Adobe Commerce.
Keep your eyes open for follow-up information from Adobe that gives actionable details about CVE-2022-24086 and the attacks known to have exploited it.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-16 | CVE-2022-24086 | Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. | 0.0 |