Adobe Commerce / Magento Security Patches Installation Service

Choose MageBees.com: Choose Security of your E-commerce Store

MageBees.com doesn't cut corners while installing SUPEE patches. We save your time and efforts by getting things right the first time. We are a trusted choice for Adobe Commerce / Magento store owners across the world for the following reasons:

1. We work hard to maintain the integrity and security of your store.
2. We keep a check on regular releases of Adobe Commerce / Magento security patches.
3. We review current security patches to prevent unwarranted access.
4. Our developers are experienced in accurate security patches installation.
5. We promise dedicated support to all our clients.
6. We avoid data loss and store down time at all costs.

Quick and Safe Security Patches Installation: The Process

At MageBees.com, we follow a strict protocol to avoid inefficiency of any kind. We have divided the entire installation process in four essential steps:

1. The Need
First, we check which security patches are needed to be installed into your store. We keep a close watch on new releases so that your store doesn’t miss out on any security updates and customers stay protected all the time.

2. The List
Once you approve the list of security patches required for your Adobe Commerce / Magento store, we provide you with a detailed quote. It will include the stipulated time and budget required to finish the project.

3. The Access
Once the quote is approved and payment terms are discussed, we will need admin details including ftp, cPanel/ phpmyadmin/SSH login details to begin the work. Rest assured! We do not share your information with any other third-party.

4. The Installation
Our technical team will login into your store, disable compilation and clear the cache. We begin by applying security patches on your development/staging/clone store. We check for errors, if any and then apply patches on live site, clear cache and enable compilation.

The Latest Adobe Commerce / Magento Security Patches available Today!

Here is the list of latest SUPEE patches released by Adobe Commerce / Magento:

1. 2FA With OTP Rate Limiting : One of the key highlights of these security patches is the introduction of rate limiting for two-factor authentication (2FA) with one-time password (OTP) validation.

This feature helps prevent repeated attempts to enter different OTP codes and crash into your website.

Here’s how it works:

Retry attempt limit — This setting allows store owners to specify the maximum number of times a user can enter an incorrect OTP code before their account is locked out.

Lockout time — If a user exceeds the retry attempt limit, their account will be locked out for a specified period of time. This prevents attackers from continuously attempting to guess the correct OTP code.

These options can be found in the Security > 2FA section of your Magento admin panel after you install the latest security patches for your specific Magento versions.

When you enable rate-limiting for OTP, you can significantly reduce the risk of unauthorized access to your Magento store.

2. Encryption Key Rotation : Encryption key rotation is a security practice that involves regularly changing the security passwords and codes to protect sensitive store data, such as customer information and financial data.

Regularly rotating encryption key helps reduce the risk of unauthorized access to your data.

Here’s how it works:

The latest Magento security patches have introduced a new CLI command that makes it easier to rotate your encryption keys. This is a significant improvement over previous versions of Magento, which required manual steps and potential risks associated with manual key management.

3. Fixing the CVE-2020-27511 Vulnerability : CVE-2020-27511 was a security vulnerability that affected older versions of Prototype.js, a popular JS library used in multiple web applications. This vulnerability had higher chances of causing a ReDOS attack, a type of denial-of-service (DoS) attack that tricks a website into using too much computing power to process a specially crafted input, making it unresponsive.

“Recently, there was an issue discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service (ReDOS) through stripping HTML tags.”

If a Magento store is using an outdated or vulnerable version of Prototype.js, it may have been susceptible to a ReDoS attack. An attacker could exploit this vulnerability to potentially cause the website to become unavailable or disrupt its normal operations.

The latest Magento security patches include a fix for this vulnerability. So, when you install the latest security patch, you can ensure that your Magento store is no longer vulnerable to the CVE-2020-27511 exploit.

4. Fixing CVE-2024-39397: A Remote Code Execution Vulnerability : CVE-2024-39397 is a critical security vulnerability that could have allowed attackers to execute malicious code on your Magento store. Normally, this vulnerability is a problem for merchants that use Apache web servers for on-premises or self-hosted deployments.

Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9, and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker could exploit this vulnerability by uploading a malicious file which can then be executed on the server. The exploitation of this issue does not require user interaction, but attack complexity is high and the scope is changed.

The latest Magento security patches address this vulnerability by implementing a fix that prevents attackers from exploiting this weakness. Also, if you’re a merchant using Apache web servers, these security patches are highly necessary to secure your online store.

Moreover, Magento has also released this patch as an isolated patch. This means you can apply this patch to any Magento version you’re currently using, without the need to upgrade to the latest version.

5. Additional Fixes : Beyond addressing core security issues, the latest Magento security patches also include several hotfixes for two specific concerns. Let’s discuss them.

Google Maps Rendering Issue — This hotfix resolves a JS error that is used to prevent Google Maps from rendering within the PageBuilder editor..

JSON Web Token (JWT) Validation — This hotfix addresses JWT validation issues related to CVE-2024-34102. This weakness could’ve potentially compromised the security of the store’s API access.

That’s all about the security patches introduced by Magento in August 2024.

When you choose to work along with these security patches, you can ensure that your Magento store is running smoothly and is protected from these specific issues. Also, these fixes show Magento’s dedication and commitment to providing ongoing support and improving as a platform.

Get in touch today!

To protect your online store from a possible hacking attempt and safeguard your customer's interest, patching your Adobe Commerce / Magento store is a necessary step. Allow experts at MageBees.com to handle the installation of security patches and keep your e-commerce store protected. We promise an affordable and reliable installation service for Adobe Commerce / Magento security patches. Our services start as low as $99. We understand that every online business is unique and so are its needs. We request you to provide a detailed list of your requirements so that we can create a customized quote for your business. Contact us today.