Adobe, Mastercard, Visa are warning the owners of online store running Magento 1.x of updating their installs because it will reach the end-of-life (EOL) by June 30
After June 30, Adobe will no more offer security updates for the platform this means that the sites running Magento 1.x will be vulnerable to cyber attacks.
Magento is a privileged target of hackers that already attempted in the past to exploit unpatched vulnerabilities in the installs online to compromise the e-store and steal payment card data.
Last week, the payments processor Mastercard has issued a security alert to its customers on the risks of using older versions of the Magento web store software.
In April, Visa also warned owners of Magento stores of using the latest versions of the platform, Magento 2.3.x.
Adobe delayed MAGENTO 1.X EOL two times, the firstTWICE
Adobe, which acquired Magento in May 2018, has been more than gracious and lenient to Magento 1.x store owners.
The 1.x branch was released in 2008 and was initially scheduled to reach EOL in November 2018.
The Magento team released version 2.0 in 2015, it was considered a totally new release, but many owners of websites opted to maintain the older 1.x version.
In 2018 Adobe acquired Magento and agreed to delay the official EOL back to June 1, 2020, but due to the COVID-19 pandemic, the company decided to postpone the EOL to June 30.
Last week, Magento has released the final updates for Magento Commerce 1 and Magento Open Source 1. The updates address vulnerabilities rated Important and Critical, successful exploitation could lead to arbitrary code execution.
“Support for Magento Commerce 1.14 and Magento Open Source 1 is ending in June 2020. This will be the final security patches available for these editions.” states Magento.
The bad news is that there are more than 105,000 stores (around 74%) still running Magento 1.x release, while the number of stores running the Magento 1 breach is 37,500.
It is easy to predict a new wave of e-skimming attacks against Magento stores running the 1.x breach, e-store owners must update their installs asap.
(SecurityAffairs – hacking, Magento)