Register now for better personalized quote!

Patch now: Adobe releases emergency fix for exploited Commerce, ?Magento zero-day

Feb, 14, 2022 Hi-network.com

Adobe has released an emergency patch to tackle a critical bug that is being exploited in the wild. 

Security

  • 8 habits of highly secure remote workers
  • How to find and remove spyware from your phone
  • The best VPN services: How do the top 5 compare?
  • How to find out if you are involved in a data breach -- and what to do next

On February 13, the tech giant said that the vulnerability impacts Adobe?Commerce and?Magento Open Source, and according to the firm's threat data, the security flaw is being weaponized "in very limited attacks targeting Adobe Commerce merchants."

Tracked as CVE-2022-24086, the vulnerability has been issued a CVSS severity score of 9.8 out of 10, the maximum severity rating possible. 

The vulnerability is an improper input validation issue, described by the Common Weakness Enumeration (CWE) category system as a bug that occurs when a "product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly."

CVE-2022-24086 does not require any administrator privileges to trigger. Adobe says the critical, pre-auth bug can be exploited in order to execute arbitrary code. 

As the vulnerability is severe enough to warrant an emergency patch, the company has not released any technical details, which gives customers time to accept fixes and mitigates further risks of exploit. 

The bug impacts Adobe Commerce (2.3.3-p1-2.3.7-p2) and Magento Open Source (2.4.0-2.4.3-p1), as well as earlier versions. 

Adobe's patches can be downloaded and manually applied here. 

Earlier this month, Adobe issued security updates for products including Premiere Rush, Illustrator, and Creative Cloud. The patch round tackled vulnerabilities leading to arbitrary code execution, denial-of-service (DoS), and privilege escalation, among other issues. 

Last week, Apple released a fix in iOS 15.3.1 to squash a vulnerability in Apple's Safari browser that could be exploited for arbitrary code execution.

In February's Patch Tuesday, Microsoft resolved 48 vulnerabilities including one publicly-known zero-day security flaw. 

Previous and related coverage

  • Microsoft February 2022 Patch Tuesday: 48 bugs squashed, one zero-day resolved
  • SAP releases patches for ICMAD vulnerabilities, log4j issues, more
  • Get updating: Apple releases iOS 15.3.1 patch for 'actively exploited' security flaw

Have a tip?Get in touch securely via WhatsApp Signal at +447713 025 499, or over at Keybase: charlie0


tag-icon Hot Tags : Tech Security

Copyright © 2014-2024 Hi-Network.com | HAILIAN TECHNOLOGY CO., LIMITED | All Rights Reserved.