On 13th August, 2024, Adobe has released a critical security update for Adobe Commerce (APSB24-61), addressing multiple vulnerabilities that could potentially allow attackers to execute arbitrary code, leading to unauthorized access or data breaches. This update is vital for all Adobe Commerce, Magento Open Source and Adobe Commerce Webhooks Plugin users to ensure the security of their websites.
Security update available for Adobe Commerce | APSB24-61
Security Vulnerabilities Addressed
The update addresses several critical and important vulnerabilities. These vulnerabilities include issues that could allow remote code execution, cross-site scripting (XSS), and unauthorized access to sensitive information. Adobe has categorized these vulnerabilities with a priority rating of 2, indicating that while there are no known exploits in the wild, it’s highly recommended to apply the update as soon as possible.
Affected Versions
The following versions are affected for Adobe Commerce on Cloud, Adobe Commerce on-premises, and Magento Open Source.
- 2.4.7-p1 and earlier
- 2.4.6-p6 and earlier
- 2.4.5-p8 and earlier
- 2.4.4-p9 and earlier
Solution
Adobe has provided patches to address these vulnerabilities. Apply the CVE-2024-39397 Isolated patch to resolve vulnerability issues for the affected products and versions. Users are advised to update to the latest version as soon as possible. The updates are available through the usual channels, and it is essential to follow the installation instructions carefully to ensure that your site is fully protected.
How to apply the Isolated patch?
- Use this attached Isolated patch: acsd-60551-composer-patch.zip
- Unzip the above file.
- Apply a composer patch for Adobe Commerce – Learn more
Final Thoughts
The APSB24-61 security update is a critical patch that addresses several serious vulnerabilities in Adobe Commerce and Magento Open Source. Given the nature of these vulnerabilities, it is crucial to apply the update as soon as possible to protect your site from potential threats. Ensuring the security of your eCommerce platform not only protects your business but also maintains the trust and confidence of your customers.
If you have not yet applied the update, prioritize this task today and safeguard your online store against potential security risks.