Adobe fixes zero-day exploit in e-commerce code: update now!
There's a remote code execution hole in Adobe e-commerce products - and cybercrooks are already exploiting it.
Stay secure with the latest e-commerce cybersecurity trends, news, and tips to protect your online business from cyber threats.
Search across headline titles and summaries.
Background for this topic.
E-commerce is the online sale of goods or services through storefronts, marketplaces, mobile apps, and supporting payment and fulfilment systems. Its important assets include customer identities and addresses, payment data or payment tokens, order records, pricing, and account credentials. Availability and transaction integrity matter alongside confidentiality: customers must be able to place orders, and prices, inventory, and delivery details must not be altered improperly.
Security concerns span public websites and APIs, account takeover and payment fraud, vulnerable third-party components, and integrations with payment, logistics, and marketing providers. TLS protects communications, while strong authentication, secure session handling, input validation, patching, and monitoring help protect accounts and transactions. Payment-card environments may fall under PCI DSS; privacy obligations also govern personal data. E-commerce operators need tested controls for detecting fraud, limiting access, preserving audit records, and responding when systems or transaction data are compromised.
There's a remote code execution hole in Adobe e-commerce products - and cybercrooks are already exploiting it.
The vendor issued an emergency fix on Sunday, and eCommerce websites should update ASAP to avoid Magecart card-skimming attacks and other problems.