The Magento 1.x content management system will reach EOL (end-of-life) status tomorrow (30 June 2020) which means that 75% of all deployed online installations are potentially vulnerable. This is one of the most popular platforms for running online stores, being one of the most well-known eCommerce platforms.
Magento eCommerce System Will Reach EOL Tomorrow: The Majority of Sites are Vulnerable
Magento eCommerce-powered sites that are running on the 1.x branch will need to update their installations to protect themselves from potential hacking attacks that will be launched against the older branch. The end-of-life stage is decided to become fact on June 30 — on this data the releases will no longer be deemed secure. For example Adobe will no longer provide security updates to the platform. Computer criminals often use automated hacking tools equipping exploits such as these.
In connection with this both Mastercard and Visa have issued warnings to their customers and partners that using such installations will lead to potentially malicious situations. Magento and its 1.x branch has been released back in 2008 and initially scheduled to reach end-of-life in November 2018. However it was rescheduled until tomorrow. The 2.0 branch started development in 2015 using a new code release.
Also Read 814 GoDaddy Employees Being Laid Off, Austin Offices Closed
The reason for the delay is the purchasing of Magento by Adobe and announced that the end-of-life status will be forwarded to June 1 2020. However due to the COVID-19 pandemic Adobe decided to delay the end-of-life back to June 30.
Last week Magento published their last update for the 1.x branch and the open-source code. In the last update the latest vulnerabilities have been patched, their status was Important and Critical which fixes exploits that have been previously been targeted by arbitrary code execution.
The majority of online shops that are running the older branch amount to about 3/4 of all Magento installed applications. For this reason many of the attacks that have been targeted make use of skimming attempts that are devised to manipulate the victims into thinking that they are accessing safe and legitimate content. It is very easy to replace active and working online shops with fake items and payment processor pages.
We recommend that all sites that have not migrated to the new branch version be updated to the new version.