Magento Zend Framework Vulnerability Fixed With SUPEE-9652 Patch
The Zend Framework 1 and 2 email component, which is used in Magento 1 and Magento 2, has a newly found vulnerability that can compromise the security of your Magento eCommerce store. The vulnerability can pave the way for remote code execution attacks if Sendmail is used as the mail transport agent.
Follow the suggested steps shown below to find out whether your store is open to such an attack:
Enter system settings
For Magento 1: System -> Configuration -> Advanced -> System -> Mail Sending Settings -> Set Return-Path
For Magento 2: Stores -> Configuration -> Advanced -> System -> Mail Sending Settings -> Set Return-Path
If the Set Return-Path is set to ‘Yes’ then you use Sendmail and your eCommerce store is open to being a victim of this particular attack.
Note: If you are an Enterprise Cloud customer then Magento would have instantly fixed the issue for you.
It’s highly advisable that you set the Set Return-Path value to ‘No’ until you install the patch released to keep your eCommerce store safe from attackers.
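The admin screen shows one configuration scope at a time, so a website-level or store-level override of Set Return-Path is easy to miss; the following added example (not from Magento or the original page) lists the stored value for every scope in one query. It assumes the setting is stored in the core_config_data table under the path system/smtp/set_return_path with 0 = No, 1 = Yes, 2 = Specified, and that a missing row means the shipped default of 'No'; an in-memory SQLite table with constructed rows stands in for the store database.

```python
import sqlite3

# Assumed config path behind the admin "Set Return-Path" field (not on the page).
PATH = "system/smtp/set_return_path"
# Assumed value encoding of the dropdown.
LABELS = {"0": "No", "1": "Yes", "2": "Specified"}

AUDIT_SQL = """
SELECT scope, scope_id, value
FROM core_config_data
WHERE path = ?
ORDER BY scope, scope_id
"""

def audit_return_path(conn):
    """Return (findings, flagged): each scope's stored setting, and the scopes not set to 'No'."""
    rows = conn.execute(AUDIT_SQL, (PATH,)).fetchall()
    if not rows:
        # No stored row means the shipped default applies (assumed to be 'No').
        return [("default", 0, "No")], []
    findings = [(scope, sid, LABELS.get(str(val).strip(), "unknown"))
                for scope, sid, val in rows]
    flagged = [(scope, sid) for scope, sid, label in findings if label != "No"]
    return findings, flagged

def sample_db(rows=None):
    """In-memory stand-in for the store database, filled with constructed rows."""
    if rows is None:
        rows = [
            ("default", 0, PATH, "0"),                  # global value: No
            ("websites", 2, PATH, "1"),                 # website override: Yes
            ("stores", 5, "system/smtp/disable", "0"),  # unrelated setting
        ]
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE core_config_data "
                 "(scope TEXT, scope_id INTEGER, path TEXT, value TEXT)")
    conn.executemany("INSERT INTO core_config_data VALUES (?, ?, ?, ?)", rows)
    return conn

if __name__ == "__main__":
    findings, flagged = audit_return_path(sample_db())
    for scope, sid, label in findings:
        print(f"{scope:<9} id={sid:<3} Set Return-Path = {label}")
    if flagged:
        print("Set these scopes to 'No' until SUPEE-9652 is installed:", flagged)
```

The same SELECT can be run directly against the store's own database; only the connection differs.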
Magento Releases The Fix For All Versions:
The vulnerability is fixed with the release of the patch SUPEE-9652 and with upgrade paths for the various Magento editions.