Recently, we reported that Adobe released a security patch for a critical vulnerability rated 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS). The vulnerability, known as CosmicSting and tracked as CVE-2024-34102, affects both Magento Open Source and Adobe Commerce stores. We therefore urge you to update any Magento-based site so that it remains protected against attack.
The bug is an XML External Entity (XXE) injection that lets an unauthenticated attacker read private files from the server, such as configuration files holding database credentials and the store’s encryption key, which can be leveraged to take over the store. Worse yet, the attack can be automated, so unpatched stores are exposed to large-scale, indiscriminate exploitation. That is why the Magento CosmicSting vulnerability must be patched without delay.
Sansec released a report revealing that only 25% of Magento-based stores have been upgraded since Adobe’s patch was published. This may be due in part to the security release changing checkout functionality to meet new PCI requirements, which we covered in more detail in our Magento Update of 11/06/2024.
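Before deciding whether a store still needs the upgrade, it helps to check the installed version against the releases that carry the fix. The following is an added example written for this article, not code from Adobe, Sansec or magic42. It encodes the fixed versions published in Adobe’s APSB24-40 bulletin for CVE-2024-34102 (2.4.7-p1, 2.4.6-p6, 2.4.5-p8 and 2.4.4-p9) and accepts either the output of `bin/magento --version` or the contents of a `composer.lock`; the sample inputs below are constructed for illustration.

```python
import json
import re
from typing import Optional, Tuple

# Minimum patch level carrying the CVE-2024-34102 fix for each supported 2.4.x
# release line, as listed in Adobe's APSB24-40 bulletin (a fact, not an assumption).
FIXED_PATCH_LEVEL = {4: 9, 5: 8, 6: 6, 7: 1}

# Matches "2.4.6-p5" or "2.4.7" anywhere in a string, e.g. "Magento CLI 2.4.6-p5".
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-p(\d+))?")

# Composer package names for the two editions the advisory covers.
MAGENTO_PACKAGES = (
    "magento/product-community-edition",   # Magento Open Source
    "magento/product-enterprise-edition",  # Adobe Commerce
)


def parse_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Return (major, minor, release, patch) from a version string or from
    `bin/magento --version` output; a missing -pN suffix counts as patch 0."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    major, minor, release, patch = m.groups()
    return int(major), int(minor), int(release), int(patch or 0)


def is_patched(text: str) -> bool:
    """True only if the version is at or above the APSB24-40 fixed release
    for its line. Anything unparseable or end-of-life is reported as unpatched,
    so a broken input can never produce a false 'safe' result."""
    v = parse_version(text)
    if v is None:
        return False
    major, minor, release, patch = v
    if (major, minor) < (2, 4):
        return False            # 2.3 and earlier are EOL and never received this fix
    if (major, minor) > (2, 4):
        return True             # a later release line postdates the fix
    if release in FIXED_PATCH_LEVEL:
        return patch >= FIXED_PATCH_LEVEL[release]
    return release > 7          # 2.4.8+ shipped after the fix; 2.4.3 and earlier are EOL


def version_from_composer_lock(lock_text: str) -> Optional[str]:
    """Pull the installed Magento edition version out of a composer.lock document."""
    data = json.loads(lock_text)
    for pkg in data.get("packages", []):
        if pkg.get("name") in MAGENTO_PACKAGES:
            return pkg.get("version")
    return None


# Constructed sample inputs (not taken from any real store).
SAMPLE_CLI_OUTPUT = "Magento CLI 2.4.6-p5"
SAMPLE_COMPOSER_LOCK = json.dumps({
    "packages": [
        {"name": "magento/framework", "version": "103.0.7-p1"},
        {"name": "magento/product-community-edition", "version": "2.4.7-p1"},
    ]
})

if __name__ == "__main__":
    for label, text in (("bin/magento --version", SAMPLE_CLI_OUTPUT),
                        ("composer.lock", version_from_composer_lock(SAMPLE_COMPOSER_LOCK) or "")):
        status = "patched" if is_patched(text) else "UNPATCHED - upgrade now"
        print(f"{label}: {text!r} -> {status}")
```

Run it on a live store by piping `bin/magento --version` into `is_patched`, or by pointing `version_from_composer_lock` at the project’s `composer.lock`. Treat any “UNPATCHED” result as a reason to schedule the upgrade immediately; the script only checks version numbers and cannot tell whether a store has already been compromised.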
As a Magento development agency, we at magic42 are helping our clients by rolling out an emergency manual patch that protects Magento stores against CosmicSting attacks until the full upgrade can be applied.
If you are a client and would like assistance with the CosmicSting vulnerability, please get in touch; we can help keep your site secure whether it runs Magento Open Source or Adobe Commerce.