On February 13, 2022, Adobe issued a security advisory regarding a critical bug discovered in their Adobe Commerce and Magento Open Source.
While this vulnerability is not related to any Klarna developed or supported plugins, as a merchant using one of these platforms, we would like to make you aware that Adobe has released software updates that should be installed as soon as possible to avoid you being compromised.
The risk to you: Groups like Magecart regularly target unpatched versions of Magento. Successful exploitation of the vulnerability could result in an attacker gaining complete control of your e-commerce site, resulting in fraud, identity theft, or ransomware attacks.
Affected versions:
** Note that Adobe Commerce 2.3.3 and lower are not affected.
Immediate action to take: To mitigate this vulnerability, install the latest security update from Adobe.
The best way to reduce the risk of being comprised is to follow security best practices. You can find Klarna Checkout security recommendations here.
And remember, if you see anything suspicious, the checkout looks weird, or you detect anomalies in your transaction processing - reach out to your established Klarna contact (for example delivery manager or merchant support) or Merchant Support team immediately.