Security News > 2022 > February > Adobe fixes zero-day exploit in e-commerce code: update now!

Make sure that the site where Magento or Adobe Commerce is actually running has downloaded and applied Adobe's latest patches.
Adobe has released security updates for Adobe Commerce and Magento Open Source.
Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants.
According to Adobe, it seems that any Adobe Commerce or Magento installation running a version later than 2.3.3 that hasn't received the latest patches is vulnerable.
Watch your statements carefully if you've shopped recently at a site driven by Magento or Adobe Commerce.
Keep your eyes open for follow-up information from Adobe that gives actionable details about CVE-2022-24086 and the attacks known to have exploited it.
News URL
Related news
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (source)
- ⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists (source)
- APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) (source)
- Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks (source)
- EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-16 | CVE-2022-24086 | Improper Input Validation vulnerability in multiple products Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability during the checkout process. | 0.0 |