On 8th October, Adobe released a Priority 2 security update for both Magento Open Source and Adobe Commerce.
| Bulletin ID | Date Published | Priority |
| APSB24-73 | 8th October, 2024 | 2 |
The security update fixes vulnerabilities ranging from critical to moderate vulnerabilities. In Adobe’s own definition, a ‘critical’ vulnerability is one that could be exploited to allow malicious, native-code to run, potentially without the user being aware. This is part of Adobe’s robust and regular updates to ensure platform security remains a high priority.
The new Magento update has been labelled as ‘Priority 2’, meaning the vulnerabilities have historically been at elevated risk. Adobe confirms that there are currently no known exploits and do not anticipate that exploits are imminent at this stage. However, it is highly recommended to keep your platform security up to date to fix such critical vulnerabilities such as improper authentication via security feature bypass, as well as arbitrary file read and execution.
The versions of Magento Open Source and Adobe Commerce affected by the security update are listed below:
| Product | Version | Platform |
| Magento Open Source | 2.4.7-p2 and earlier2.4.6-p7 and earlier2.4.5-p9 and earlier2.4.4-p10 and earlier | All |
| Adobe Commerce | 2.4.7-p2 and earlier2.4.6-p7 and earlier2.4.5-p9 and earlier2.4.4-p10 and earlier | All |
| Adobe Commerce B2B | 1.4.2-p2 and earlier1.3.5-p7 and earlier1.3.4-p9 and earlier1.3.3-p10 and earlier | All |
To find out more about the security update, you can head to the latest Adobe Security Bulletin.
To find out more about how we can keep your Magento site secure for both Magento Open Source and Adobe Commerce, contact us at magic42.
