Magento released a patch, SUPEE-6788, on October 27, 2015. This patch provides protection against security-related issues such as information leaks and remote code execution. These types of threats can compromise a site in many ways, such as malware scripts running on your server or sensitive information being stolen. The patch allows Magento store owners to protect against these security compromises. Unlike most patches, however, it can be a little confusing to implement. Before implementing this patch, here are a few things you need to know.
In late January of 2015, the first remote code execution (RCE) vulnerability, or “shoplift” bug, was reported to Magento by Check Point Software Technologies. This bug affects both Magento Enterprise Edition and Magento Community Edition, and it allows attackers to obtain control over a store and its sensitive data, including personal customer information. As of February 9, 2015, Magento had released a patch for this issue.