Security Update APSB24-73 for Adobe Commerce: Everything You Need to Know

14 Oct 2024
Albert Wood

On October 8, 2024, Adobe released APSB24-73, a critical security update for Adobe Commerce, Magento Open Source, and the Adobe Commerce Webhooks Plugin. This update addresses several vulnerabilities that could lead to arbitrary code execution, unauthorized file system access, privilege escalation, and bypassing of security features.

Key Vulnerabilities Addressed

The vulnerabilities covered by this patch include:

  • Improper authentication and access control
  • Stored Cross-site Scripting (XSS)
  • Server-Side Request Forgery (SSRF)
  • Time-of-check Time-of-use (TOCTOU) race condition

These issues pose a significant risk, making it essential for businesses to act swiftly by applying the update to prevent potential security breaches.

Affected Versions

The update impacts several versions of Adobe Commerce and Magento Open Source, including:

  • Adobe Commerce: Versions prior to 2.4.7-p2 and earlier, 2.4.6-p7 and earlier, 2.4.5-p9 and earlier, 2.4.4-p10 and earlier
  • Adobe Commerce B2B: Versions before 1.4.2-p2 and related patches.
  • Magento Open Source: Any release before 2.4.7-p2 or earlier versions of the 2.4.x series.

One vulnerability, CVE-2024-45115, is isolated to the B2B module, and Adobe has released a standalone patch to address it.
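A small version triage against the Adobe Commerce list above, added here as an example (it is not Adobe's or ioVista's code). It assumes "X and earlier" is inclusive of X, accepts a bare version or a line such as the constructed sample "Magento CLI 2.4.6-p7", and does not cover the B2B module or release lines the list does not name.

```python
import re

# Highest affected patch level per release line, from the "Affected Versions"
# list above. Assumption: "X and earlier" is read as inclusive of X.
AFFECTED_UP_TO = {
    (2, 4, 7): 2,   # 2.4.7-p2 and earlier
    (2, 4, 6): 7,   # 2.4.6-p7 and earlier
    (2, 4, 5): 9,   # 2.4.5-p9 and earlier
    (2, 4, 4): 10,  # 2.4.4-p10 and earlier
}

# A version such as "2.4.6-p7" or "2.4.5", optionally embedded in other text.
# Pre-release tags ("2.4.7-beta2") are rejected rather than guessed at.
_VERSION = re.compile(r"(?<![\w.])(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?(?![\w.-])")


def parse_version(text):
    """Return ((major, minor, patch), patch_level); a missing -pN is level 0."""
    m = _VERSION.search(text.strip())
    if m is None:
        raise ValueError(f"no release version found in {text!r}")
    major, minor, patch, level = m.groups()
    return (int(major), int(minor), int(patch)), int(level or 0)


def is_affected(text):
    """True/False for release lines in the list, None for lines it omits."""
    line, level = parse_version(text)
    limit = AFFECTED_UP_TO.get(line)
    if limit is None:
        return None  # not in the list above: consult the bulletin directly
    return level <= limit


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real store.
    for sample in ["Magento CLI 2.4.6-p7", "2.4.7-p3", "2.4.5", "2.4.3-p1"]:
        verdict = {True: "affected", False: "above listed level",
                   None: "release line not listed"}[is_affected(sample)]
        print(f"{sample:24} {verdict}")
```

A `None` result means the list gives no threshold for that release line, so it should be checked against the bulletin rather than treated as safe.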

Recommended Action

Adobe strongly urges users to apply the patches immediately to avoid potential security risks. For those using the B2B module, ensure that the isolated patch for CVE-2024-45115 is implemented. This helps minimize the window of exposure to vulnerabilities.

How to Install the Update

  1. Download the relevant patch files or apply the Quality Patches Tool as recommended by Adobe.
  2. If using Adobe Commerce on the Cloud platform, confirm the successful installation by reviewing the patch status with the provided tools.
  3. Unsure whether your version is affected, or not comfortable applying security patches? Get it done right and have peace of mind: let the Magento 2 certified developers at ioVista take care of it for you.

By keeping Adobe Commerce up-to-date, businesses can safeguard their stores from data breaches and maintain operational integrity.

For more details, you can review the full security bulletin from Adobe and implementation guides provided by the platform experts.

Official Link – https://helpx.adobe.com/security/products/magento/apsb24-73.html


Albert Wood is an accomplished eCommerce Business Analyst. As a technology futurist and sales motivator at ioVista, Albert is dedicated to transforming struggling eCommerce businesses into thriving enterprises. With a keen focus on client’s business processes, user experience (UX), and leveraging the power of digital marketing, he helps businesses optimize their online presence and drive sustainable growth. Albert’s passion is for virtual reality (VR), augmented reality (AR), and mixed reality (MR), immersing himself in unforgettable experiences and exploring the limitless possibilities they offer. His enthusiasm for these emerging technologies fuels his drive to push the boundaries of innovation in eCommerce.
