Security News

Adobe has put out a warning about another critical security bug affecting its Magento/Adobe Commerce product - and IT pros need to install a second patch after an initial update earlier this week failed to fully plug the first one. It's tracked as ​​CVE-2022-24087 and - like the earlier vuln, CVE-2022-24086 - impacts both Magento Open Source and Adobe Commerce.

Another zero-day bug has been discovered in the Magento Open Source and Adobe Commerce platforms, while researchers have created a working proof-of-concept exploit for the recently patched CVE-2022-24086 vulnerability that came under active attack and forced Adobe to push out an emergency patch last weekend. The new flaw, detailed on Thursday, has the same level of severity assigned to its predecessor, which Adobe patched on Feb. 13.

Security researchers have created exploit code for CVE-2022-24086, the critical vulnerability affecting Adobe Commerce and Magento Open Source that Adobe that patched in an out-of-band update last Sunday. The vulnerability, which Adobe saw being "Exploited in the wild in very limited attacks," received a severity score of 9.8 out of 10 and adversaries exploiting it can achieve remote code execution on affected systems without the need to authenticate.

Adobe has released an out-of-band security update for Adobe Commerce and Magento Open Source to address active exploitation of a known vulnerability, and Google has an emergency issue, too. "Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants," the Silicon Valley stalwart said.

Make sure that the site where Magento or Adobe Commerce is actually running has downloaded and applied Adobe's latest patches. Adobe has released security updates for Adobe Commerce and Magento Open Source.

A zero-day remote code-execution bug in the Magento 2 and Adobe Commerce platforms has been actively exploited in the wild, Adobe said - prompting an emergency patch to roll out over the weekend. If you are running Magento 2.3 or 2.4, install the custom patch from Adobe ASAP, ideally within the next few hours;.

Phishers are creating Adobe Creative Cloud accounts and using them to send phishing emails capable of thwarting traditional checks and some advanced threat protection solutions, Avanan security researcher Jeremy Fuchs warns. This new wave of attacks started in December 2021, and they are exploiting the fact that Adobe's apps are designed to foster collaboration by sharing documents.

Attackers are leveraging Adobe Creative Cloud to target Office 365 users with malicious links that appear to be coming legitimately from Cloud users but instead direct victims to a link that steals their credentials, researchers have discovered. Though attackers are primarily targeting Office 365 users - a favorite target among threat actors - researchers have seen them hit Gmail inboxes as well, Jeremy Fuchs, cybersecurity research analyst at Avanan, told Threatpost.

The Emotet malware is now distributed through malicious Windows App Installer packages that pretend to be Adobe PDF software.The threat actors behind Emotet are now infecting systems by installing malicious packages using a built-in feature of Windows 10 and Windows 11 called App Installer.

Out of 92 security vulnerabilities, 66 are rated critical in severity, mostly allowing code execution. Adobe has dropped a mammoth out-of-band security update this week, addressing 92 vulnerabilities across 14 products.