Magento Security Patch SUPEE-10266
Released by Magento on September 14, 2017, SUPEE-10266 is a security patch for both the Commerce and Open Source platforms. It addresses security and performance issues experienced by Magento merchants. Its most important components are fixes for several security vulnerabilities, including the following:
- Cross-site scripting: Cross-site scripting (XSS) is a well-known attack that works by injecting malicious script into an unprotected website or application. XSS differs from other web attacks in that it does not target the website or application itself. Instead, it targets the people using it, which puts every user of the affected system at risk. XSS attacks can put user accounts in jeopardy, allow content to be altered, and lead users to submit private information and data. This threat can do major damage to an online company’s credibility.
- Remote code execution (RCE): Also known as arbitrary code execution, remote code execution refers to an attacker’s ability to gain access to a computer system or electronic device and make changes to it regardless of where the device is located. Unprotected systems are exposed to attackers who use malicious code to break into a system or device. After getting in, attackers usually try to escalate their privileges to take full control of the system.
Additional lower-risk security issues addressed in SUPEE-10266 are:
- Unauthorized data leak
- Denial of service
This release also contains fixes that improve the overall functioning of the Magento platform, including:
- Problems with image reloading
- Malfunctions in earlier patches
- Issues with payments made through the one-step checkout method
As you can see, SUPEE-10266 contains essential fixes that can prevent intruders from breaking into and severely damaging your server and business. Forix advises all Magento users to apply SUPEE-10266 as soon as possible in order to receive the security fixes and functional improvements for their Magento stores.
Patches are now available for several Magento editions. Consider the following options to determine which is right for you.
- For Magento Open Source versions 220.127.116.11-18.104.22.168, either install SUPEE-10266 or upgrade to Magento Open Source 22.214.171.124
- For Magento Commerce editions 126.96.36.199-188.8.131.52, either install SUPEE-10266 or upgrade to Magento Commerce 184.108.40.206
Note: To ensure that your latest Magento security patch is installed and working properly, always test the patch in a working test environment before deploying it to your live store.
Despite the security and functional improvements, some issues may arise after installing security patch SUPEE-10266. Under some circumstances, SUPEE-10266 may cause problems in the payment process. For example, using the “add gift” feature during checkout can prevent a user from moving on to the next step of the checkout. This problem can be fixed by installing patch SUPEE-10348. However, to resolve the issue you must install SUPEE-10266 first and then install SUPEE-10348.
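The install order described above can be checked before running the SUPEE-10348 script. The following is an added example, not code from Magento or Forix: it assumes the Magento 1 patch log at app/etc/applied.patches.list with the field layout noted in the comments, and the function names and sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not Magento or Forix code). Assumes the Magento 1 patch log
# app/etc/applied.patches.list is pipe-separated with the patch name in
# field 2, and that a rolled-back patch is logged with a final REVERTED field.

# sample_log: constructed log lines; hashes, dates and versions are placeholders.
sample_log() {
    cat <<'EOF'
2017-10-01 00:00:00 UTC | SUPEE-9767 | CE_x.x.x.x | v2 | 0000000 | constructed | constructed
2017-10-02 00:00:00 UTC | SUPEE-10266 | CE_x.x.x.x | v1 | 0000000 | constructed | constructed
2017-10-03 00:00:00 UTC | SUPEE-10266 | CE_x.x.x.x | v1 | 0000000 | constructed | constructed | REVERTED
EOF
}

# patch_state FILE PATCH: prints applied, reverted or missing.
# The log is append-only, so the last entry for a patch decides its state.
patch_state() {
    awk -F'[|]' -v want="$2" '
        {
            name = $2; gsub(/^[ \t]+|[ \t]+$/, "", name)
            if (name != want) next
            last = $NF; gsub(/^[ \t]+|[ \t]+$/, "", last)
            state = (last == "REVERTED") ? "reverted" : "applied"
        }
        END { print (state == "" ? "missing" : state) }
    ' "$1"
}

# can_apply_10348 FILE: succeeds only when SUPEE-10266 is currently applied
# and SUPEE-10348 is not, which is the order the page requires.
can_apply_10348() {
    [ "$(patch_state "$1" SUPEE-10266)" = "applied" ] &&
    [ "$(patch_state "$1" SUPEE-10348)" != "applied" ]
}

# Demo on the constructed log: SUPEE-10266 was rolled back, so the check fails.
log=$(mktemp)
sample_log > "$log"
echo "SUPEE-10266 is $(patch_state "$log" SUPEE-10266)"
if can_apply_10348 "$log"; then
    echo "ok to apply SUPEE-10348"
else
    echo "apply SUPEE-10266 before SUPEE-10348"
fi
rm -f "$log"
```

On a real store, pass the path to the site's own app/etc/applied.patches.list instead of the constructed sample.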
Merchants encountering this problem can correct it by reverting the following two files to their pre-patch versions:
Get Magento SUPEE-10266 Security Patch Installed Today
The professionals at Forix have extensive experience with Magento security patches and can provide assistance to make sure your installation goes smoothly.