In recent months Magento has issued several critical patches to address a host of different bugs, weaknesses and vulnerabilities. While many stores are fine on older version of Magento (eg. 1.6, 1.7, etc) The patches are absolutely necessary to prevent any malware or malicious attacks on your site.
Below is a few popular vulnerabilities that Magento has released patches for:
- Security patch 5344 (Shoplift)
Shoplift is a vulnerability within Magento that can potentially allow a hacker control of your online shop! This could lead to stolen customer records, privacy breaches and more
The leak is fixed by patch SUPEE-5344. Released Feb 9th, 2015.
- Security patch 6285 (XSS, RSS)
Patch SUPEE-6285 fixes a bug where hackers could potentially hijack a customers account and steal their information and order details through the RSS feature. Released July 7th, 2015.
- Security patch 6482 (XSS)
Patch SUPEE-6482 fixes a security hole where hackers can take control over customer’s sessions in the Enterprise edition, although it only had minor security risks in the Community edition. Released Aug 4th, 2015
Fortunately you can quickly and easily check if your Magento security needs have been patched and applied by having a quick (and free) scan at https://www.magereport.com
If you need assistance installing these patches, please contact Digital Boutique