Security News > 2022 > February > Adobe: Zero-Day Magento 2 RCE Bug Under Active Attack
A zero-day remote code-execution bug in the Magento 2 and Adobe Commerce platforms has been actively exploited in the wild, Adobe said - prompting an emergency patch to roll out over the weekend.
If you are running Magento 2.3 or 2.4, install the custom patch from Adobe ASAP, ideally within the next few hours;.
If you are running a version of Magento 2 between 2.3.3 and 2.3.7, you should be able to manually apply the patch, as it only concerns a few lines;.
SanSec noted on Monday that the bug came to light on Jan. 27, and that "This vulnerability has a similar severity as the Magento Shoplift vulnerability from 2015. At that time, nearly all unpatched Magento stores globally were compromised in the days after the exploit publication."
Updating is important for online merchants: The Magecart group famously targets unpatched versions of Magento in particular, looking for a way to plant credit-card skimmers on the checkout pages of eCommerce websites.
Last week, SanSec reported a wave of skimming attacks targeting more than 500 sites, in particular those using outdated and unsupported Magento 1 implementations.
News URL
https://threatpost.com/adobe-zero-day-magento-rce-attack/178407/
Related news
- Palo Alto Networks warns of critical RCE zero-day exploited in attacks (source)
- New Cleo zero-day RCE flaw exploited in data theft attacks (source)
- Google fixes two Android zero-days used in targeted attacks (source)
- Critical Veeam RCE bug now used in Frag ransomware attacks (source)
- New Flaws in Citrix Virtual Apps Enable RCE Attacks via MSMQ Misconfiguration (source)
- Microsoft patches Windows zero-day exploited in attacks on Ukraine (source)
- CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Palo Alto Networks patches two firewall zero-days used in attacks (source)
- Apple fixes two zero-days used in attacks on Intel-based Macs (source)