by: AdminPosted on:

Patch now: Adobe releases emergency fix for exploited Commerce,  Magento zero-day

[ad_1]

Adobe has released an emergency patch to tackle a critical bug that is being exploited in the wild. 

On February 13, the tech giant said that the vulnerability impacts Adobe Commerce and Magento Open Source, and according to the firm’s threat data, the security flaw is being weaponized “in very limited attacks targeting Adobe Commerce merchants.”

Tracked as CVE-2022-24086, the vulnerability has been issued a CVSS severity score of 9.8 out of 10, the maximum severity rating possible. 

The vulnerability is an improper input validation issue, described by the Common Weakness Enumeration (CWE) category system as a bug that occurs when a “product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.”

CVE-2022-24086 does not require any administrator privileges to trigger. Adobe says the critical, pre-auth bug can be exploited in order to execute arbitrary code. 

As the vulnerability is severe enough to warrant an emergency patch, the company has not released any technical details, which gives customers time to accept fixes and mitigates further risks of exploit. 

The bug impacts Adobe Commerce (2.3.3-p1-2.3.7-p2) and Magento Open Source (2.4.0-2.4.3-p1), as well as earlier versions. 

Adobe’s patches can be downloaded and manually applied here

Earlier this month, Adobe issued security updates for products including Premiere Rush, Illustrator, and Creative Cloud. The patch round tackled vulnerabilities leading to arbitrary code execution, denial-of-service (DoS), and privilege escalation, among other issues. 

Last week, Apple released a fix in iOS 15.3.1 to squash a vulnerability in Apple’s Safari browser that could be exploited for arbitrary code execution.

In February’s Patch Tuesday, Microsoft resolved 48 vulnerabilities including one publicly-known zero-day security flaw. 

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

[ad_2]

Source link

Related posts:

How to record a phone call on your iPhone

Jabra PanaCast 20 review: Finally, a high-quality webcam optimized for hybrid work

Get a Windows 11 Pro license for $30 to upgrade your security and work features

slot gacor slot gacor togel macau slot hoki bandar togel slot dana slot mahjong link slot link slot777 slot gampang maxwin slot hoki slot mahjong slot maxwin slot mpo slot777 slot toto slot toto situs toto toto slot situs toto situs toto situs toto situs toto slot88 toto slot slot gacor thailand slot bet receh situs toto situs toto slot toto slot situs toto situs toto situs toto situs togel macau toto slot slot demo slot pulsa slot pragmatic situs toto deposit dana 10k surga slot toto slot link situs toto situs toto slot situs toto situs toto slot777 slot gacor situs toto slot slot pulsa 10k toto togel situs toto slot situs toto slot gacor terpercaya slot dana slot gacor pay4d agen sbobet kedai168 kedai168 deposit pulsa situs toto slot pulsa situs toto slot pulsa situs toto situs toto situs toto slot dana toto slot situs toto slot pulsa toto slot situs toto slot pulsa situs toto situs toto situs toto toto slot toto slot slot toto akun pro maxwin situs toto slot gacor maxwin slot gacor maxwin situs toto slot slot depo 10k toto slot toto slot situs toto situs toto toto slot toto slot toto slot toto togel slot toto togel situs toto situs toto toto slot slot gacor