Critical Magento/Zend Vulnerability

• July 06th, 2012
• 

Very recently a bug has come to light in the Zend Framework on which Magento is built. Please review the link below:

http://www.magentocommerce.com/blog/comments/important-security-update-zend-platform-vulnerability/

The implications of this vulnerability include total local file disclosure.

This means that any party able to connect to the store in the manner described in the article may be able to view the contents of all files on the site including databases.

A patch has been issued and can be found at the link above. If you need assistance patching your store, please contact Simple Helix Support as soon as possible by opening a ticket from your client area at https//manage.simplehelix.com/ and our 24/7 support team will be happy to assist you.

All Simple Helix customers were notified of this bug via email and we hope this will help all store owners to quickly patch the issue.

For further reading: http://framework.zend.com/security/advisory/ZF2012-01