Security News
Make sure that the site where Magento or Adobe Commerce is actually running has downloaded and applied Adobe's latest patches. Adobe has released security updates for Adobe Commerce and Magento Open Source.
A zero-day remote code-execution bug in the Magento 2 and Adobe Commerce platforms has been actively exploited in the wild, Adobe said - prompting an emergency patch to roll out over the weekend. If you are running Magento 2.3 or 2.4, install the custom patch from Adobe ASAP, ideally within the next few hours.
Adobe rolled out emergency updates for Adobe Commerce and Magento Open Source to fix a critical vulnerability tracked as CVE-2022-24086 that's being exploited in the wild. Administrators of online stores running Adobe Commerce or Magento Open Source versions 2.4.3-p1/2.3.7-p2 and below are strongly advised to prioritize addressing CVE-2022-24086 and apply the update as soon as possible.
Here on Naked Security, we've been lamenting the mysterious nature of Apple's security updates for ages. In the sudo bug case, Apple did eventually come to the party, and updated its own products in September.
Google's Project Zero has published a report showing that organizations took less time to address the zero-day vulnerabilities that the team reported last year. As the data shows, the average time software vendors needed to issue fixes for the vulnerabilities reported by Project Zero last year was 52 days, down from 80 days three years ago.
Apple has patched yet another zero-day vulnerability, this time in its WebKit browser engine, that threat actors are already actively exploiting to compromise iPhones, iPads and macOS devices. "Apple is aware of a report that this issue may have been actively exploited," the company wrote in its update notes.
Another month, another zero-day exploited in the wild that has been fixed by Apple. Apple fixed it in iOS 15.3.1 and iPadOS 15.3.1, macOS Monterey 12.2.1, and Safari 15.3.
Apple on Thursday released security updates for iOS, iPadOS, macOS, and Safari to address a new WebKit flaw that it said may have been actively exploited in the wild, making it the company's third zero-day patch since the start of the year. Tracked as CVE-2022-22620, the issue concerns a use-after-free vulnerability in the WebKit component that powers the Safari web browser and could be exploited by a piece of specially crafted web content to gain arbitrary code execution.
Apple has released security updates to fix a new zero-day vulnerability exploited in the wild by attackers to hack iPhones, iPads, and Macs. Successful exploitation of this bug allows attackers to execute arbitrary code on iPhones and iPads running vulnerable versions of iOS and iPadOS after processing maliciously crafted web content.
Oh, blessed day: Microsoft's Patch Tuesday is a featherweight in comparison to some of its not-atypical, 10-ton security updates, with just 51 patches - none of them rated critical. February's patch-a-palooza is light not just in number of CVEs, but also in that it comes with nary a single patch that's labeled critical.