Adobe Commerce & Magento Open Source Security Update | APSB24-40 / CVE-2024-34102

Adobe Security Bulletin – APSB24-40

On June 11, 2024, Adobe released APSB24-40, a security update for Adobe Commerce and Magento Open Source. This update resolves critical, important, and moderate vulnerabilities. Successful exploitation could lead to arbitrary code execution, security feature bypass, and privilege escalation.

Security update available for Adobe Commerce | APSB24-40

Updated on June 27, 2024: Adobe has provided an isolated patch for CVE-2024-34102

In the fast-paced world of e-commerce, security remains paramount. The latest Adobe Security Bulletin, APSB24-40, underscores the critical importance of promptly applying security patches for Adobe Commerce and Magento Open Source. At Crimson Agility, we are committed to helping you maintain the integrity of your online store. Our certified Magento/Adobe Commerce professionals are ready to expertly install and rigorously test these essential updates, ensuring your site remains secure. Your site’s safety is our utmost priority.

Affected Versions of Adobe Commerce & Magento Open Source

Adobe has identified the following affected versions of Adobe Commerce, Magento Open Source, and Adobe Commerce Webhooks Plugin.

• Adobe Commerce: 2.4.7 and earlier, 2.4.6-p5 and earlier, 2.4.5-p7 and earlier, 2.4.4-p8 and earlier, and more.
• Magento Open Source: 2.4.7 and earlier, 2.4.6-p5 and earlier, 2.4.5-p7 and earlier, and 2.4.4-p8 and earlier.
• Adobe Commerce Webhooks Plugin: 1.2.0 to 1.4.0

If you are using one of these versions, it is recommended that you take action immediately. Contact Crimson Agility if you need help.

Hacked ? CVE-2024-34102

“CosmicSting” (CVE-2024-34102) is a critical bug affecting Magento and Adobe Commerce stores. It allows cybercriminals to steal customer and payment data.

Sansec, a global leader in malware and vulnerability detection, indicated recently, “Almost a month ago, we warned about the CosmicSting attack that threatens 75% of Adobe Commerce stores. Sansec now observes mass-abuse of this vulnerability in the wild. Stores are getting hacked at a rate of 3 to 5 per hour, our live tracking reveals. International household brands are among the victims.”

Due to the criticality of CVE-2024-34102, Adobe released an isolated patch to help you remediate this vulnerability and give you more time to apply the full security patch. To help ensure that the remediation for this vulnerability can be applied as promptly as possible, Adobe has also released an isolated patch that resolves this issue alone.
This allows merchants to apply the fix in isolation with fewer risks of delay due to potential integration issues.

Crimson Agility can help identify if your site has been compromised, install the required patch, and remediate any related issues.

Adobe Commerce/Magento Support Services

With Managed Services from Crimson Agility, you can expect:

• Our team of experienced, certified developers will ensure a successful, hassle-free installation of the latest security patches without disruption to customers or business operations.
• Our quality team will rigorously test your website to verify that the patches are properly applied and the site is secure.
• Regularly updating your site with the newest security patches strengthens its defenses against potential threats, ensuring the protection of customer data and your business reputation.
• We proactively monitor Adobe Commerce and Magento Open Source releases continuously, allowing you to focus on your business with confidence.

Recommended Options

1. Apply Specific CVE-2024-34102 Patch: We can promptly deliver and implement this patch to resolve the current vulnerability without requiring a full upgrade.
2. Minor Upgrade: Involves less effort than a full upgrade and effectively addresses current vulnerabilities. (Example: Upgrading from 2.4.4-p3 to 2.4.4-p9.)
3. Major Version: This is the most dependable method to eliminate vulnerabilities while gaining new features and staying current.

Act now to safeguard your business from security vulnerabilities with our Magento Developer Support. Don’t risk waiting until it’s too late!

Additional Services

For comprehensive protection, we also provide the following services:

• Security Scans & Monitoring: Ongoing monitoring of your site to protect you and your customers.
• Health & Security Audit: Identifies and addresses potential security threats to ensure your site’s safety.

Receive professionally managed and monitored security for your online store with Crimson Agility – your trusted Magento and Adobe Commerce security partner.

If you have any questions or would like to discuss your specific needs, please don’t hesitate to contact our team or call us at (480) 506-0482. We are here to help you maintain the highest level of security for your Adobe Commerce or Magento store.

Best regards,
The Crimson Agility Team

Other Security Articles

• 
  Staying Ahead in E-Commerce: Why You Should Upgrade to Adobe Commerce 2.4.7
  by Rebeka Calcagniti
  January 22, 2025
• 
  Adobe Commerce & Magento Open Source Security Update | APSB24-73 / CVE-2024-45115
  by David Baier
  October 8, 2024
• 
  Adobe Commerce & Magento Open Source Security Update | APSB24-61 / CVE-2024-39397
  by David Baier
  August 22, 2024
• 
  Boost Your E-Commerce with Adobe Commerce 2.4.7: Key Enhancements and Upgrades
  by David Baier
  July 8, 2024