Researchers recently discovered a critical Remote Code Execution vulnerability in the Magento platform. It affects all versions of both the Enterprise and Community Editions and can lead to a complete system compromise, including credit card information and other financial and personal data. The issue was privately disclosed after its discovery in January so that Magento could provide a fix before public disclosure. The patch (SUPEE-5344) was released in early February, and any owner or operator of a Magento system is urged to patch their installation immediately if they have not already done so.
The patch must be downloaded and applied manually. Public disclosure of the vulnerability was published on April 22nd, meaning it is now publicly known and being actively targeted. Since public disclosure the issue has become much more visible, which helps get the word out but also makes it a larger target for hackers across the world, so anyone with a website utilizing Magento should patch their installation immediately. If you have any questions or need assistance in deploying the patch, do not hesitate to open a ticket with our Support Team, who can check whether you are vulnerable or patched and can apply and deploy the patch if necessary.
You can download the SUPEE-5344 patch at the following link: https://www.magentocommerce.com/products/downloads/magento/
You can also check out the official Magento announcement by clicking here
Wednesday, April 22, 2015