Adobe fixes critical preauth vulnerabilities in Magento
Adobe has released a large Patch Tuesday security update that fixes critical vulnerabilities in Magento and important bugs in Adobe Connect.
The complete list of Adobe products receiving security updates today and the number of fixed vulnerabilities are below:
In total, Adobe fixed 29 vulnerabilities with today’s updates.
Almost all Critical vulnerabilities could lead to arbitrary code execution, allowing threat actors to execute commands on vulnerable computers.
Out of the Adobe security updates released today, Magento has the most fixes, with 26 vulnerabilities.
Of particular concern are ten pre-authentication vulnerabilities in Magento that can be exploited without logging into the site.
Some of these preauth vulnerabilities are remote code execution and security bypass flaws, allowing a threat actor to control a site and its server.
Install updates immediately
While there were no known actively exploited zero-day vulnerabilities, Adobe advises customers to update to the latest versions as soon as possible.
The urgency stems from the fact that threat actors can compare older versions of the software with the patched versions to determine which code is vulnerable and create exploits targeting those vulnerabilities.
In most cases, users can update their software through the product's auto-update feature, using the following steps:
- Go to Help > Check for Updates.
- Download the update installers from Adobe’s Download Center.
- Let the products update automatically, without requiring user intervention, when updates are detected.
For Magento updates, you will need to download the appropriate patches and install them manually.
If the new update is not available via auto-update, you can check the security bulletins linked above for the latest download links.