Magento Security Patch SUPEE-10570

 

Released by Magento on February 27, 2018, SUPEE-10570 is the latest security patch for both the Magento Commerce and Open Source platforms. We recommend that vendors download the latest security patch to make sure their systems are completely up to date.

 

It is important to stay on top of the latest security patch updates to ensure that your system is functioning properly. This update contains several security upgrades to help reduce critical security issues such as the following:

 

Remote Code Execution (RCE): Remote code execution occurs when an attacker is able to run code of their choosing on a computer application or device remotely, and can then make changes or access user information.

 

Cross-Site Request Forgery (CSRF): A cross-site request forgery tricks a logged-in user's browser into sending unauthorized requests to a server application. Typically, CSRF attacks are delivered through emails containing harmful links designed to make the user unknowingly send a command to a server or website application.

 

Cross-site Scripting (XSS): Cross-site scripting (XSS) is a security breach that injects harmful code into a vulnerable application or website. Unlike other types of security breaches, XSS targets the users of a website or application rather than the admins. XSS can put all user accounts at risk by allowing changes or access to sensitive user content and data.

 

It is clear SUPEE-10570 has vital security enhancements to deter hackers from infiltrating and causing harm to your Magento store and business. Forix highly recommends that all Magento admins advance to SUPEE-10570 immediately to gain the benefits and enhancements for their Magento stores. By fully updating your system, you can have the peace of mind that your site will be safe from the threat of hackers.

 

Upgrades are now ready for installation in the following versions:

 

  • Magento Open Source 1.5.0.0-1.9.3.4 users can either upgrade to SUPEE-10570 or progress to Magento Open Source 1.9.3.8

 

  • Magento Commerce 1.9.0.0-1.14.3.7 users can either upgrade to SUPEE-10570 or progress to Magento Commerce 1.14.3.8

 

Possible Problems

 

Magento has been notified of a problem with the SUPEE-10570 upgrade and Magento versions 1.9.3.8 and 1.14.3.8, which can prevent customers from completing checkout when they attempt to sign up during the process. Magento now presents SUPEE-10570v2, an improved patch that corrects this problem. However, the updated patch SUPEE-10570v2 does not offer protection from two low-risk security issues that patch SUPEE-10570 defended against.

 

If you have not installed SUPEE-10570v1, do not install it. Rather, download and implement SUPEE-10570v2. If you have already installed the first version of the upgrade, first uninstall SUPEE-10570v1 and then download and implement SUPEE-10570v2. It is important for all merchants to advance to SUPEE-10570v2 because Magento will utilize this upgrade as a foundation for new upgrades and future security patch editions.

 

If your Magento upgrade is unsuccessful when attempting to patch lib/Zend/Mail/Transport/Sendmail.php, this may indicate your installation was upgraded with SUPEE-9652v1 rather than SUPEE-9652v2. To remedy this, revert the upgrade SUPEE-9652v1 and implement SUPEE-9652v2 before trying to implement SUPEE-10570.
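
The version checks described above can be automated before touching a store. The script below is an added example, not code from Magento or Forix: it reads the patch log that Magento 1's patch scripts maintain and prints the steps this page prescribes. The log path and line format are stated as assumptions in the comments, the function names are hypothetical, and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example; not Magento's or Forix's code.
# Assumption: patches were applied with Magento 1's patch scripts, which append
# one line per action to app/etc/applied.patches.list in the form:
#   <time> | SUPEE-<id> | <edition_version> | v<N> | <hash> | <date> | <range>[ | REVERTED]
# Installs brought up to date by a full version upgrade have no entry there.

# Exit 0 if VERSION of PATCH is applied and not reverted later in LOG.
is_applied() {  # usage: is_applied LOG PATCH VERSION
    [ -f "$1" ] || return 1
    awk -F' [|] ' -v p="$2" -v v="$3" '
        { sub(/[ \t\r]+$/, "") }                         # tolerate CRLF / trailing blanks
        $2 == p && $4 == v { on = ($NF != "REVERTED") }  # last matching entry wins
        END { exit !on }
    ' "$1"
}

# Print the steps this page prescribes for the install described by LOG.
next_steps() {  # usage: next_steps LOG
    if is_applied "$1" SUPEE-9652 v1; then
        echo "revert SUPEE-9652v1, then apply SUPEE-9652v2"
    fi
    if is_applied "$1" SUPEE-10570 v2; then
        echo "SUPEE-10570v2 already applied"
    elif is_applied "$1" SUPEE-10570 v1; then
        echo "revert SUPEE-10570v1, then apply SUPEE-10570v2"
    else
        echo "apply SUPEE-10570v2"
    fi
}

# Constructed sample log (hashes, dates and edition strings are placeholders).
sample_log() {
    cat <<'EOF'
2017-02-08 09:00:00 UTC | SUPEE-9652 | CE_1.9.3.1 | v1 | 0000000 | Tue Feb 7 2017 | n/a
2018-02-28 09:00:00 UTC | SUPEE-10570 | CE_1.9.3.4 | v1 | 0000000 | Tue Feb 27 2018 | n/a
EOF
}

# Demo on the constructed log; point next_steps at the real log file on a store.
log=$(mktemp) && sample_log > "$log" && next_steps "$log"
rm -f "$log"
```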