Adobe Warns Users Of A Critical Magento Zero-Day Vulnerability Under Attack

Adobe has just fixed a critical zero-day bug in the Magento platform, alerting users to update promptly. Exploiting the bug could allow code execution attacks.

Magento Zero-Day Bug Actively Exploited In The Wild

According to the details shared in a recent advisory, Adobe’s Magento platform had a serious security bug.

Magento is a popular open-source e-commerce platform facilitating online stores. Given its massive usage, any vulnerability in the platform directly affects thousands of online stores globally.

As elaborated in the advisory, a critical code execution flaw existed in the Adobe Commerce and Magento Open Source platforms. The tech giant even admitted active exploitation of the bug targeting certain online stores.

Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants.

The vulnerability, CVE-2022-24086, existed due to improper input validation, and didn’t require authentication. Also, exploiting the bug didn’t require admin privileges, hence making the vulnerability achieve a CVSS score of 9.8.

The bug typically affected Adobe Commerce versions 2.4.3-p1 and 2.3.7-along with their respective previous versions, and Magento Open Source including and prior to versions 2.4.3-p1 and 2.3.7-p2, for all platforms. However, it didn’t affect Adobe Commerce 2.3.3.

Consequently, Adobe addressed the glitch with the respective updated releases, Adobe Commerce MDVA-43395_EE_2.4.3-p1_v1 and Magento Open Source MDVA-43395_EE_2.4.3-p1_v1.

Since the updates are out, and the cybercriminals are already hunting for vulnerable sites, all users should rush to update their systems to avoid any attacks.

Besides, the cybersecurity firm Sansec has also urged users for the same as they expect mass-scale scanning for vulnerable systems shortly.

This update arrives as an “emergency fix” for Adobe Commerce a week after the tech giant released its Patch Tuesday updates for various products. Thus, users of Adobe Photoshop, Illustrator, After Effects, Adobe Premiere Rush, and Creative Cloud Desktop should also check their systems for the latest updates.

Let us know your thoughts in the comments.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients