Adobe fixes Critical zero-day Commerce,  Magento vulnerability exploited in the wild

Adobe has released security update that fixes a zero-day vulnerability for Adobe Commerce and Magento Open Source with reported exploits in the wild.

The security update for Adobe Commerce  APSB22-12 security update addresses an ‘improper input validation (CWE-20)’ that could result in arbitrary code execution if successfully exploited.

“Adobe is aware that CVE-2022-24086 has been exploited in the wild in very limited attacks targeting Adobe Commerce merchants,” Adobe wrote in the advisory.

The issue impacts Adobe Commerce and Magento Open Source versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier). Adobe Commerce 2.3.3 and lower are not affected.

Earlier this month, Adobe also patched Adobe Photoshop, Illustrator and other products.