Critical Security Updates Released for Magento & Visual Studio Code
December 14, 2020 | Author: Alex ClarkSecurity remains one of the top selling-points of Magento. The eCommerce platform’s relentless focus on data security for both merchants and customers make it a globally loved solution. Adobe, which owns Magento, recently released several Magento 2 security patch updates for both the Open Source and Commerce versions. The release coincided with another significant update for Magento developers: Microsoft’s Visual Studio Code. Both Adobe and Microsoft published these updates on October 15, 2020.
These updates are likely to further strengthen the security aspects of Magento 2 development services. Whether you already run an online store on Magento or planning to build a new one, security updates are equally pivotal. They not just dramatically reduce your site’s vulnerability but also enhance performance. Below discussed are the details about the updates released by Adobe and Microsoft.
Adobe’s updates for Magento Commerce & Open Source
The security updates that Adobe released to resolve vulnerabilities that were rated important and critical. According to Adobe, these vulnerabilities affected multiple versions of Magento 2. Hence these Magento 2 security patch updates protect those versions from a wide array of risks.
In total, the updates offer patches for nine different vulnerabilities. Most of these are exploitable without credentials. These vulnerabilities exert functionalities including:
- Arbitrary code execution
- Unauthorized customer list modification
- Unauthorized access to restricted resources
- Disclosure of document root path
- Unauthorized CMS modification
One of the most critical vulnerabilities of all— CVE-2020-24408 —allows users to upload malicious JavaScript via the file upload component of Magento. It’s usually exploited by attackers to get access to your site’s administrative functionalities.
Microsoft’s Visual Studio Code updates
In its latest Visual Studio Code update, Microsoft has foxed a remote execution vulnerability. Visual Studio is a code editor popular among Magento developers worldwide. The tool is available for Windows, macOS, and Linux.
Attackers can exploit this vulnerability by convincing a user to clone their repository and open it in Visual Studio Code. It would enable the attacker to execute attacker-specific code in the Visual Studio editor. Such an attack might significantly compromise a Magento 2 development project’s security, according to Microsoft. The attacker can take complete control of the compromised system if the target uses an account with administrative access.
Microsoft has also fixed a remote code execution flaw related to Windows Codex Library. The flaw affected the way the library handles the object in memory. It could be triggered by a program that processes a specifically created image file. Microsoft said that the flaw only affects Windows 10 users who installed the optional HEVC or “HEVC from device manufacturer” media codecs from Microsoft Store.
Magento 2 for bolstering eCommerce security
As you may already know, the official support for Magento 1 ended in June 2020. So, if you’re still using an outdated Magento version, it’s high time you update it by choosing to hire Magento developers from a reliable company. Magento 1 users no longer receive security updates and patches like the ones we discussed in this post. It makes your site intensely vulnerable to malware and attacks from hackers.
With Magento 2, you get a flurry of advanced security features that bolsters your online store’s safety. Top security measures offered by Magento include clickjacking prevention, end-to-end encryption, and support for cryptographic password hashing, among many others.
Conclusion
Magento’s proactive approach to ensuring security makes it one of the most reliable eCommerce platforms. Besides, it offers a battery of cutting-edge commerce capabilities that make things easier for developers and merchants alike. Be it the next-gen technologies or the immersive shopping experiences, Magento stores stand out.
At AgentoSupport, a customer experience focused Magento 2 support provider, we continually upgrade our offerings and capabilities with shifting market trends. We also enthusiastically follow every minor and major update released by Magento, so our clients get them at the earliest.
Frequently Asked Question
What is Visual Studio Code used for?
Visual Studio Code is a popular code editor developed by Microsoft. It offers support for development operations like debugging, task running, and version control, among others. Visual Studio Code aims to provide just the tools a developer needs for a quick development cycle.
How much does it cost to build a site on Magento 2?
The cost of designing and developing a Magento 2 eCommerce website depends heavily on your requirements. If you have an existing Magento 1 online store, just need to migrate the store. The cost of migration will be lower than developing a website from scratch. AgentoSupport offers reliable Magento eCommerce development services at a market-best price.
What is the difference between Magento 1 and 2?
The most striking differences between Magento 1 and Magento 2 are related to performance and security. Magento 2 is faster, supports the latest PHP, and improves the overall speed of your website. Magento 2 websites are more secure.
What is the difference between Magento Open Source and Magento Commerce?
Magento Commerce, previously known as Magento Enterprise Edition, is designed for large enterprises that require premium support levels and a broader set of functionalities. Magento Open Source (or Magento Community) has a license fee and offers comparatively limited support services.