Magento 1 Patch 10570 (SUPEE-10570) released
Once again, a big security patch for Magento 1 was released today: patch 10570, called SUPEE-10570. This time, Magento urges you to update your installation as soon as possible. Hope you are prepared!
The patch lists 19 security problems that are solved by installing it or by upgrading to the recent Magento 1.9.3.8 version. The list contains a short explanation of each fixed security problem, a classification of its risk, and whether there are already known attacks. They are mainly cross-site scripting problems and remote code injections, which are very dangerous: someone may infect your source with unwanted code.
Why is it so urgent to install it?
This time, there are at least 4 high-risk remote code execution vulnerabilities. If you read the description and view the patch code, you can see what is fixed there. As soon as this information is public, someone might use it to attack unprotected shops. So, don’t wait. Hurry and update your security!
Patch details
A quick look at the patch code shows that it is more than a thousand lines long. Depending on your patched Magento version, there are about 50 updated and 2 new files. The first install on a git-developed shop was quite easy. A first look at the frontend and its functions was also inconspicuous. More details on critical problems and workarounds will be added after tests.
UPDATE: there are no patched frontend files. First tests show that it is quite safe to install this patch without weird frontend bugs.
Conclusion
Magento 1 Patch 10570 (SUPEE-10570) is a big one. Again, a number of serious security holes are fixed. Thanks to the great community, which detects and fixes such problems BEFORE someone uses them to attack your shop. Now it is up to you... patch your shops!