On 11th October 2016 Magento released a very significant security patch: SUPEE-8788.
SUPEE-8788, Enterprise Edition 1.14.3 and Community Edition 1.9.3 addressed Zend framework and payment vulnerabilities, ensured sessions are invalidated after a user logs out, and made several other security enhancements.
This patch also included Magento 2 versions for Magento Enterprise Edition and Community Edition 2.0.10 and 2.1.2.
Some of the key items identified included payment vulnerabilities around remote code execution during checkout and SQL injection through a bug in the Zend framework. There were secondary concerns around insufficient data protection and information leakage through a block cache exploit.
Although there is no known attack in which any of these exploits has been utilised, they have all been patched in this security update.
If you require any further information regarding this patch update, or assistance with installing it, please get in touch with one of our team on 01423 226555 or drop us an email.