Foregenix Blog

Magento Websites - Have You Patched SUPEE-8788 Yet?

Posted by Benjamin Hosack on 04/11/16 14:28

Last month Magento released SUPEE-8788 to fix a number of security issues – you can read about SUPEE-8788 in detail here.  A LOT of websites have not yet patched and are at risk of being hacked.

What is a Patch?

A patch is a minor software update released by software vendors to address functional or security issues in the older version of software. As can be seen with SUPEE-8788, the details of the issues addressed are listed by Magento so that admins can understand what is being addressed with the patch.

Why is Patching Important?

Patches are released to specifically address issues in the software – and when those issues are security issues, the patch is very important in order to effectively protect your online business from being exploited through the security vulnerabilities published with the patch.
Magento website security scan
As a digital forensic investigator, we assist a considerable number of websites that have been hacked and lost highly valuable information, including:

  • Client personal data
  • Payment Card Data

In a large proportion of cases, the website could have easily avoided having been hacked by simply keeping their patches up to date.

WebScan Statistics

Our latest WebScan statistics show the following:

  • 79% of the websites are At Risk using out of date software, specifically missing key security patches.
  • 23% are confirmed hacked and have credit card harvesting malware on their websites.
  • Only 20% have up to date software.

While patching does not prevent all hacks from occurring, it certainly ensures that your software is as secure as the vendors can make it.

If you’re unsure of your website’s current security status, please go ahead and check your site on WebScan.

Topics: web security, Magento