Security News
It's not 'Patch Tuesday,' but software giant Adobe today released emergency updates for three of its widely used products that patch dozens of newly discovered critical vulnerabilities. The list of affected software includes Adobe Illustrator, Adobe Bridge, and Magento e-commerce platform, containing a total of 35 vulnerabilities where each one of them is affected with multiple critical arbitrary code execution flaws.
Adobe-owned Magento has plugged multiple critical vulnerabilities in its eponymous content management system, the most severe of which could be exploited by attackers to achieve arbitrary code execution. According to the newest Magento-themed security bulletin, three of the six fixed flaws are critical and three are important.
Magento 2.3.4 was released this week with patches for six vulnerabilities, including three that are considered critical. Another critical flaw that could allow for the execution of arbitrary code is CVE-2020-3718, which Adobe describes as a security bypass issue.
Critical vulnerabilities in Adobe's Magento e-commerce platform - a favorite target of the Magecart cybergang - could lead to arbitrary code execution. Out of the flaws, Adobe has fixed three that it rates as critical in severity, meaning that successful exploits could "Allow malicious native code to execute, potentially without a user being aware."
Adobe’s Magento Marketplace has suffered a data breach, the company has said in an email sent to customers.
E-Commerce Platform User Data Exposed Exploited; Vulnerability Now FixedAdobe says its e-commerce Magento Marketplace has been breached, exposing usernames, email addresses and more. The software...
Adobe-owned e-commerce platform Magento recently informed some Magento Marketplace users that an unauthorized third-party had gained access to their account information. read more
If you have ever registered an account with the official Magento marketplace to bought or sold any extension, plugin, or e-commerce website theme, you must change your password immediately....
The platform is a favorite target for the Magecart collective of card-skimming threat groups.
Popular ecommerce platform Magento is advising users to apply patches for a remote code execution flaw that could allow unauthenticated attackers to deliver malicious payloads. read more