Magento issues new SUPEE-7405 Security Patch

It’s time for another Magento patch. Today, Magento Commerce released a very important security patch, named SUPEE-7405. With this new patch come two new versions of Magento: 1.9.2.3 for those users who are still on the 1.x versions, and 2.0.1 for the early adopters of the brand new Magento 2.0 version.

Now, you might ask, do I need to install this version? We at PKZ MEDIA think you should seriously consider it! Before this patch, an attacker could, during customer registration on the storefront, provide an email address that contains JavaScript code. Magento does not properly validate this email address, and the code is executed in the Admin context when the order is viewed in the backend. This JavaScript code can steal an administrator session or act on behalf of a store administrator. This issue affects all Magento CE versions prior to 1.9.2.3, and Magento EE prior to 1.14.2.3. This is a very serious issue, and you should definitely consider upgrading.

However, Magento states that, as of today, there are no confirmed attacks related to these security issues, but certain vulnerabilities can potentially be exploited to access customer information or take over administrator sessions.

You can download the patch and release from the Community Edition Download Page and learn more at https://magento.com/security/patches/supee-7405.
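The issue described above stores script in the customer email field, so alongside patching it is worth checking what is already in that field. The following is an added example, not code from Magento or from the patch: it flags suspicious addresses in an export of customer emails and shows the escaped form that is safe to render in a backend page. The sample rows, the function names and the strict address pattern are assumptions constructed for illustration.

```python
import html
import re

# Characters that are meaningful to an HTML parser once a stored value
# is rendered in a backend page.
HTML_SIGNIFICANT = re.compile(r"[<>\"'`&]")

# Assumption: a deliberately conservative address shape, stricter than
# RFC 5322 (no quoted local part, no whitespace).
STRICT_EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")

# Constructed sample rows standing in for an export of (customer_id, email).
SAMPLE_CUSTOMERS = [
    (101, "alice@example.com"),
    (102, "bob.smith+orders@example.org"),
    (103, "<script>/* constructed marker */</script>@example.com"),
    (104, "carol@example.com "),
]


def render_admin_cell(email):
    """Escape a stored value before placing it in HTML, so markup is shown as text."""
    return html.escape(email, quote=True)


def audit_customers(rows):
    """Return (customer_id, reasons, escaped_email) for every suspicious row."""
    findings = []
    for customer_id, email in rows:
        reasons = []
        if HTML_SIGNIFICANT.search(email):
            reasons.append("html-significant characters")
        if not STRICT_EMAIL.fullmatch(email):
            reasons.append("fails strict address shape")
        if reasons:
            findings.append((customer_id, reasons, render_admin_cell(email)))
    return findings


if __name__ == "__main__":
    for customer_id, reasons, escaped in audit_customers(SAMPLE_CUSTOMERS):
        print(customer_id, ", ".join(reasons), "->", escaped)
```

Flagged rows are candidates for manual review; escaping on output is what keeps a stored value from executing regardless of how it got into the database.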

Now, if you are a monthly maintenance customer here at PKZ Media, you are lucky, because your store was updated as soon as we got our hands on the latest Magento version. If you are not a monthly maintenance customer with us, get in touch; we can give you some free information on the benefits of becoming a member.
