Magento software

Adobe fixes critical pre-authentication vulnerabilities in Magento

Adobe has released an important Patch Tuesday security update that fixes critical vulnerabilities in Magento and significant bugs in Adobe Connect.

The full list of Adobe products receiving security updates today and the number of vulnerabilities fixed are below:

In total, Adobe fixed 29 vulnerabilities with today’s updates.

Almost any critical vulnerabilities could lead to the execution of arbitrary code, allowing malicious actors to execute commands on vulnerable computers.

Of the Adobe security updates released today, Magento has the most fixes, with 26 vulnerabilities.

Of particular concern are the ten pre-authentication vulnerabilities in Magento that can be exploited without logging into the site.

Some of these pre-authentication vulnerabilities are remote code execution and security bypasses, allowing a malicious actor to control a site and its server.

Install updates immediately

While there have been no actively exploited zero-day vulnerabilities, Adobe advises customers to update to the latest versions as soon as possible.

This urgency is because threat actors can compare older versions of the software with patched versions to determine which code is vulnerable and create exploits to target those vulnerabilities.

In most cases, users can update their software using the automatic product update feature by doing the following:

  • By going to To help > Check for updates.
  • Update installers can be downloaded from the Adobe Download Center.
  • Let products update automatically, without user intervention, when updates are detected.

For Magento updates, you will need to download the appropriate patches and install them manually.

If the new update is not available through the automatic update, you can check the security bulletins linked above for the latest download links.