Important Magento Security Update – Zend Platform Vulnerability

We have recently learned of a serious vulnerability in the Zend platform on which Magento is built. This note provides information on how customers can access and install a patch that addresses this issue. The Issue The vulnerability potentially allows an attacker to read any file on the web server where the Zend XMLRPC functionality is enabled. This might include password files, configuration files, and possibly even databases if they are stored on the same machine as the Magento web server. Solution We recommend that all Magento implementations install the latest patch appropriate for your platform: Magento Enterprise Edition and Professional Edition merchants: You may access the Zend Security Upgrade patch from Patches & Support for your product in the Downloads section of your Magento account. Account log-in is required. Download Magento Community Edition merchants: Community Edition 1.4.0.0 through 1.4.1.1 Community Edition 1.4.2.0 Community Edition 1.5.0.0 through 1.7.0.1 Applying the … Continue reading