Important Magento Security Patch SUPEE-9652 Now Available

July 21, 2017

 

Magento have just released the latest security patch (SUPEE-9652) to further enhance the security of sites built on their platform.

 

If you're concerned about the security of your Magento website, or have been hacked in the past, make sure to read the details below and update your site.

 

Alternatively, contact us to <a href="http://www.ecomus.co.uk/contact-us/" title="Contact a Magento Developer" target="_blank">speak to a Magento developer</a> about repairing and maintaining your site, including installation of current and future security patches.

 

------------------------------------------------------

 

SUPEE-9652

FEBRUARY 6, 2017

 

Community Edition 1.5.0.1-1.9.3.1: SUPEE-9652 or upgrade to Community Edition 1.9.3.2

 

APPSEC-1746 - Remote Code Execution using mail vulnerability

Type: Remote code execution (RCE)

CVSSv3 Severity: 9.8 (Critical)

Known Attacks: None

Description:

A Zend Framework 1 vulnerability can be remotely exploited to execute code in Magento 1. While the issue is not reproducible in Magento 2, the library code is the same, so it was fixed there as well.

 

Note: while the vulnerability is scored as critical, few systems are affected. To be affected by the vulnerability the installation has to:

- use sendmail as the mail transport agent
- have specific, non-default configuration settings as described HERE.

 

Product(s) Affected: Magento Community Edition prior to 1.9.3.2

 

Please refer to SECURITY BEST PRACTICES for additional information on how to secure your site.

 

Be sure to implement and test the patch in a development environment first to confirm that it works as expected before deploying it to a production site.

 

 
