On 14th September 2017 Magento released a critical security patch; SUPEE-10266.
SUPEE-10266, Magento Commerce 188.8.131.52 (formerly known as Enterprise Edition) and Magento Open Source 184.108.40.206 (formerly known as Community Edition) contain multiple security enhancements that help close cross-site request forgery (CSRF), unauthorised data leak, and authenticated admin user remote code execution vulnerabilities. These releases also include fixes for issues with image reloading and payments using one-step checkout.
This patch also included Magento 2 versions for Magento Commerce (Enterprise Edition) and Open Source (Community Edition) 2.0.16 and 2.1.9
The Magento 2 version updates also include support for the changes to the USPS shipping rates that the USPS introduced on September 1, 2017.
Although none of these exploits have a known attack where they have been utilised, they have all been patched in this security update.
If you require any further information regarding this patch update, or assistance with installing – please get in touch with one of our team on 0113 833 0411 or drop us an email.