Get to Know the Critical Security Advisory for the Magento Web Platform
May 28, 2015
A critical security flaw was identified in the Magento web platform that allows unauthorized access to a Magento eCommerce web store. It is a remote code execution exploit that was found on 9th February 2015. After the security patch was released, the Magento community told business owners and their partners to apply the patch to protect their sites from this security risk before the issue became public, and the risk of attack was high. A large number of eCommerce vendors have downloaded the patch, but many of them still have not done so. The most difficult part of the open source edition of Magento is that the downloads available on the site do not contain the patches. I think the easy way for users is simply to download and apply every patch that is available for the latest up-to-date release.
I am sure that when you think about a critical remote code execution (RCE) flaw, you are quite surprised that Magento circulates unsafe code this way and expects users to find and download the patches separately. I want to add that the version number does not increase when patches are applied. This is a very simple method to convince users to consider the commercially supported version. Check Point researchers discovered the critical RCE vulnerability in the Magento e-commerce web platform, which affects both Magento Enterprise Edition and Magento Online shops. It allows attackers to take control of a store and its important data, including financial and personal customer information. The RCE vulnerability ultimately allows an unauthenticated attacker to execute PHP code on the web server, which is quite surprising to learn.
Given this security issue, the Magento community suggests that you apply the security patch immediately if it is not already in place. If you suspect that your site is not secure, contact the security department of your hosting company for an audit. For Enterprise Edition merchants, the patches can be found in the Magento Support Portal. For Community Edition merchants, the patches can be found on the Magento Community Edition download page. These are simple but important steps to secure your Magento eCommerce web store.
I hope that you now know more about Magento's open source community policy as well as the important security update regarding the Magento eCommerce PHP remote code execution issue. If you want to know more about this subject, you can visit the Magento special security patch page, where you can learn about this security update and its process in depth. We have also shared some important recommendations on how you can protect your site.
Act now to ensure that your Magento store is secure!