Urgent Magento Security Updates

Magento Security Patch SUPEE-6788

This security patch is scheduled for release on Friday, October 23rd 2015*. This pressing update fixes several security issues, however it must be applied carefully. Magento has warned that in order to address the issues the security patch requires changes made that may break backward compatibility with customizations or extensions.

In other words, if you’re not extremely careful with applying this Security Patch, you may swap your security breach problems with broken site problems.

A partial list of issues caused by incorrectly applying the patch include the following:

  • Custom Admin URL Functionality breakdown
  • SQL Injection Module Complications
  • Private Information breaches

For detailed information read this Magento PDF.
For the list of extensions that will break from installation of the patch click here.

Guriuncsite Malware Attacks

Magento published a security news update saying they are investigating reports of Magento sites targeted by Guruincsite Malware (Neutrino exploit kit). They do not yet have a specific patch for these new attacks, however based on their research they have provided suggestions of urgent updates you should make certain you’ve applied to mitigate the risk of falling vulnerable to the attack.

Check Your Website To See If You’re Safe!

You can scan your site to see if it is vulnerable by checking your website URL on this site: https://www.magereport.com/

Have questions? Concerns about the security of your Magento site? Contact us to ascertain the safety of your website.

* Edit – this patch has not yet been released. We will update this blog post when Magento releases it.
Follow up Edit – Magento Security Patch SUPEE-6788 was released October 27, 2015