Magento security patches are small pieces of code that Magento releases whenever it finds a security vulnerability in the system. It is a good idea to install any security patch released by Magento as soon as you learn about it. The longer you delay installing such patches, the more vulnerable your store becomes to security risks. This is especially true because, once a patch is released, the vulnerability itself comes into the limelight and gets discussed on various blogs and forums, giving ideas to hackers who wouldn’t have known about it earlier.
The latest security patch released by Magento is codenamed “SUPEE 9652” and addresses the Zend library vulnerability, which has a Common Vulnerability Scoring System (CVSS) v3 severity score of 9.8.
Here’s how Magento describes the vulnerability:
Zend Framework 1 vulnerability can be remotely exploited to execute code in Magento 1. While the issue is not reproducible in Magento 2, the library code is the same so it was fixed as well.
Note: while the vulnerability is scored as critical, few systems are affected. To be affected by the vulnerability the installation has to:
- use sendmail as the mail transport agent
- have specific, non-default configuration settings as described HERE.
How To Ensure Your Store Security?
Apart from installing all the patches released by Magento as and when you get to know about them, you should also get a technical and security audit done for your store to make sure you haven’t missed any security patch in the past.
Magereport.com is a good website to quickly check if your store is lacking any of the security patches.
Once you have found the missing patches with Magereport, you can download them and get them installed in your store.
Need Help With Installation?
If all this talk of security patches sounds too confusing or overwhelming, we are here to help! Just order the appropriate security patch installation service from our store and we will take care of the rest!