
Magento attacks uncanny hacks-men with shopper-popper patch

Frances Hill

The vulnerability, CVE-2016-4010, is fixed in version 2.0.6, issued overnight.

Magento handed the flaw a 9.8 out of 10 severity score, explaining that the platform's installation code is no longer accessible once the installation process is complete.

"I recommend that all Magento administrators update their installations to the 2.0.6 patch."

The chained attack combines smaller vulnerabilities, which Rubin has detailed in full, and relies on the REST or SOAP API being left enabled by default, which is the case in most installations.

Much of the fault lies with the sizeable and dynamic API exposed by each Magento module, which customers use to run things like shopping carts.

Rubin praised Magento for its code overhaul, which has seen extensive rewriting, code improvements and a bolstering of security.
