Close security issues with the latest security updates by Adobe

Perhaps you have heard in the news tens of thousands of sites got hacked, and more than once.   The Adobe team usually acts immediately.  Today we keep you up to date with the latest security updates by Adobe. You will see briefly about CVE-2024-34102 and CVE-2024-39397 patches to secure your store against vulnerability to security issues.

Let’s start with the latest bug and its resolution. Note, that merchants should apply the security update to avoid the vulnerability for the affected products and versions.

CVE-2024-39397

The issue was reported in August 2024. See the affected products and versions.

Adobe Commerce on Cloud, Adobe Commerce on-premises, and Magento Open Source:

  • 2.4.7-p1 and earlier
  • 2.4.6-p6 and earlier
  • 2.4.5-p8 and earlier
  • 2.4.4-p9 and earlier

 

Here are release notes for Isolated Patch on CVE-2024-39397 by Adobe released lately. Note also that security update available for Adobe Commerce APSB24-61 is applicable only when using the Apache web server.

CVE-2024-34102

The issue was announced in June. See the affected products and versions.

Adobe Commerce:

  • 2.4.7 and earlier
  • 2.4.6-p5 and earlier
  • 2.4.5-p7 and earlier
  • 2.4.4-p8 and earlier
  • 2.4.3-ext-7 and earlier
  • 2.4.2-ext-7 and earlier

Magento Open Source:

  • 2.4.7 and earlier
  • 2.4.6-p5 and earlier
  • 2.4.5-p7 and earlier
  • 2.4.4-p8 and earlier

Adobe Commerce Webhooks Plugin 1.2.0 to 1.4.0.

And immediately, Adobe released security updates for CVE-2024-34102 via ( APSB24-40) to protect the potential exploits and an isolated patch to help customers update more quickly.

In total, in June 2024, 168 security flaws were patched using a patch manager. Security updates addressed 13 critical vulnerabilities in different software. The vulnerabilities could have impacted services through Cross-Site Scripting, Remote Code Execution, Denial of Service, Elevation of Privilege, Security Restriction Bypass, and Information Disclosure.

Here are release notes for Isolated Patch on CVE-2024-34102.

Please apply the latest security updates

Patching is important. Regular patch updates fix performance bugs and provide enhanced security features.

This patch solution remediates vulnerabilities automatically. To complete protecting your website you just have to apply the latest security updates as soon as possible. Otherwise, your store will be vulnerable to security issues.

You can contact our Support team if you have difficulties applying the security patch. Stay in touch and experience security with SwissupLabs.