Adobe has released an urgent security update, APSB24-40, which is specifically targeting the CVE-2024-34102 vulnerability for its Adobe Commerce and Magento Open Source platform.
Here, I will cover the important elements of this security update, which will help you keep your Magento store protected and safe from any security risks.
Why the APSB24-40 Security Update?
On June 27, 2024, Adobe released an isolated patch for CVE-2024-34102. Since the patch has been exploited, it has affected their Adobe Commerce merchant.
This new Adobe security update, APSB24-40, protects the potential exploits targeting the CVE-2024-34102 vulnerability.
Which are the Affected Products & Versions?
Here are the affected products and their versions.
| Affected Products, Versions, and Platforms | ||||||
|---|---|---|---|---|---|---|
| Product | Versions | Platform | ||||
| Adobe Commerce | 2.4.7 and earlier2.4.6-p5 and earlier2.4.5-p7 and earlier2.4.4-p8 and earlier2.4.3-ext-7 and earlier*2.4.2-ext-7 and earlier* | All | ||||
| Magento Open Source | 2.4.7 and earlier2.4.6-p5 and earlier2.4.5-p7 and earlier2.4.4-p8 and earlier | All | ||||
| Adobe Commerce Webhooks Plugin | 1.2.0 to 1.4.0 | Manual Plugin Installation | ||||
Solution to Stay Away From The Vulnerability
Adobe has come up with a security update version to address the latest security vulnerabilities and provided a fix for the CVE-2024-34102 vulnerability.
Here are the detailed instructions for it.
| Product | Updated Version | Installation Instructions |
|---|---|---|
| Adobe Commerce | 2.4.7-p1 for 2.4.7 and earlier2.4.6-p6 for 2.4.6-p5 and earlier2.4.5-p8 for 2.4.5-p7 and earlier2.4.4-p9 for 2.4.4-p8 and earlier2.4.3-ext-8 for 2.4.3-ext-7 and earlier*2.4.2-ext-8 for 2.4.2-ext-7 and earlier* | 2.4.x release notes |
| Magento Open Source | 2.4.7-p1 for 2.4.7 and earlier2.4.6-p6 for 2.4.6-p5 and earlier2.4.5-p8 for 2.4.5-p7 and earlier2.4.4-p9 for 2.4.4-p8 and earlier | 2.4.x release notes |
| Adobe Commerce Webhooks Plugin | 1.5.0 | Upgrade Modules and Extensions |
| Adobe Commerce and Magento Open Source | Isolated patch for CVE-2024-34102: ACSD-60241Works with all Adobe Commerce and Magento Open Source versions (2.4.4 – 2.4.7) | Release Notes for Isolated Patch |
Safeguard Your Store!
Protect your store from such vulnerabilities using this latest security update from Adobe. If you need technical help or a professional Magento Patch Installation Service, we are just a click away to safeguard your store from such security vulnerabilities.
