Magento Patch SUPEE-10888
Magento released version 1.9.3.10 and, with it, a patch called SUPEE-10888 for older Magento 1 shops. As always, it is a good idea to patch as soon as possible. There are currently no known attacks – but there will be. All of the bugs have now been made public.
Magento Patch SUPEE-10888
With the release of the current Magento 1 version there is also a patch file to secure your running Magento 1 shops. Once again, many different code injection and user privilege escalation bugs are fixed. Magento has again become a little more secure.
Install patch
To install this security patch, you should test it on your development system first. This lets you detect and fix possible side effects with third-party modules. Because this is not a big patch that changes frontend files, it is nearly impossible that it affects modules (only if the modules are badly implemented!). As far as this individual patch was tested, it does not affect anything frontend-relevant.
Future of Magento 1
Slowly but continuously, Magento 1 is moving toward its end of life. It is recommended to switch to the new Magento 2 version. Patching Magento 2 is easier and it is much more stable. Patching is always a good time to reevaluate your current shop and check whether upgrading to Magento 2 is a possible solution. The time you invest in patching Magento 1 can also be used to migrate to a more current version (that also includes newer Magento 1 versions, but that does not make any sense).
Conclusion
Security is a big topic, especially in the context of GDPR. The current Magento patch 10888 addresses some injection, XSS and privilege escalation issues that may be a real danger for your shop. Take action now and update your shop to a more secure and stable version. As always, test this before doing it on a production environment. Proper source control and deployment are needed for a professional workspace.