New Magento Updates (SUPEE-6788 & Malware Issue) May Affect Some Extensions
Magento is looking to prove once again its power & value after announcing in advance about its two upcoming security updates. These updates include the information about a malware issue impacting some Magento websites & a pre-announcement of the release of a security patch, i.e., SUPEE-6788.
Magento is actively examining the Magento websites who appear to be targeted by Guruincsite malware (as discussed in our previous blog) and has not found any new attacking vector for now. Almost all impacted websites have been found vulnerable to an earlier discovered issue, i.e., “Code execution issue” And, the sites, that are not vulnerable to this code execution issue, point up other unpatched issues. The admin accounts, which are using weak passwords, phishing, or other unpatched vulnerability that grants for admin access, need to be conscious about this malware by checking for all created user & demo account. A new security patch (SUPEE-6788) is also going to be released by Magento very soon. This release can further affect some Magento extensions and customizations.
Patches are accessible for Magento Enterprise Edition 1.7 and afterward releases and Magento Community Edition 1.4 and afterward releases. The online merchants can also upgrade to Magento Enterprise Edition 184.108.40.206 or Community Edition 220.127.116.11. We will update you as we get more information about this new patch, how to download it and all other, once after the release of new security patch from Magento.