Magento and Commerce Critical Bugs Get Urgent Security Patches

• Adobe’s latest Patch Tuesday fixes several critical vulnerabilities in Adobe Commerce and Magento Open Source.
• These flaws could permit code execution, privilege escalation, and security feature bypass attacks.
• The security bulletin also addresses issues in Adobe Lightroom, InCopy, InDesign, Substance 3D Stager, and FrameMaker.

Adobe has released essential patches addressing severe vulnerabilities across several key product lines, including Adobe Commerce, Magento Open Source, Adobe Dimension, Adobe Animate, and more. 

These updates are part of Adobe's monthly Patch Tuesday release and highlight significant risks, particularly on Windows and macOS platforms.

Adobe has identified 25 vulnerabilities within Adobe Commerce and Magento Open Source, two of which are marked at a critical severity level and have a CVSS score of 9.8/10. 

These vulnerabilities could enable code execution, privilege escalation, and security feature bypass attacks. Affected versions include Adobe Commerce 2.4.7-p2 and earlier and Magento Open Source 2.4.7-p2 and earlier.

Two critical vulnerabilities have been discovered in the Adobe Dimension software, posing potential risks of arbitrary code execution upon successful exploitation. At least 10 vulnerabilities have been documented separately, which could result in code execution and memory leaks and require immediate attention.

The update also addresses critical security issues in Adobe Lightroom, InCopy, InDesign, Substance 3D Stager, and FrameMaker.

Despite the severity of these vulnerabilities, Adobe’s product security incident response team has confirmed there are no known active exploitations in the wild. However, swiftly applying these patches is crucial to mitigate potential threats.

For businesses and individuals reliant on Adobe's products, it is imperative to promptly apply these updates to safeguard against potential security breaches. Stay vigilant and ensure your systems remain protected by keeping software up-to-date with the latest security patches.