While we know that nothing is as secure as it was back in the day, the chances of getting hacked have grown because attackers now look at the smallest details to find a way in. The problem is that many platforms have vulnerabilities that attackers exploit, which makes their work easier. That is the case with Magento, which is now owned by Adobe. A critical flaw has been found in Adobe’s Magento that reportedly allowed code execution from the outside.
This is as severe a flaw as it gets, because remote code execution should not be possible on any platform whatsoever. It could mean that people would be able to delete or post anything they want remotely without the owner having any clue. Thankfully, Adobe has patched the flaw, so stores running the update are safe from it. Adobe revealed that “Successful exploitation could lead to arbitrary code execution and signature verification bypass.”
A cybercrime gang called Magecart reportedly had expertise in exploiting this flaw and was getting into people’s Magento stores through it. The company added that “Based on previous experience, we do not anticipate exploits are imminent. As a best practice, Adobe recommends administrators install the update soon (for example, within 30 days).”
It goes without saying that the patches should be installed as soon as possible. The fix is in Magento Commerce 2 versions 2.4.0 or 2.3.5-p2; if you are on any previous version, you should install one of these as soon as possible. Since this flaw has now been exposed even more widely, we expect those who do not patch their stores to be hacked. People who have not updated from Magento 1 to Magento 2 are also at risk, so make sure to upgrade as soon as possible.