This blog, PC world, claims that the hackers are attacking the e-commerce websites. and I should get updated with the latest patch.
Check Point, which found the flaw, reported it to Magento, which issued a patch (SUPEE-5344) on Feb. 9. Since Check Point revealed the flaw earlier this week, it appears attackers have picked up on it and are trying to find unpatched applications.
Should I get this patch?
How can I trust this patch?
Yes, you need to install new patch its safe & it's necessary to prevent attacks on the site.
You must install this on all Magento site.
Step to install patch:
patch from Magento Commerce and upload to your root directory.shell & run following command after navigate to the root directory of your Magento installation, sh PATCH_SUPEE-5344_CE_1.8.0.0_v1-2015-02-10-08-10-38.sh cache & you are done.The alert message will be still visible in the admin until you mark as read.
You can confirm your patch from the following site directly.
http://magento.com/security-patch
store URL & change admin path if it's different
If a message appears SAFE: This site appears to be safe. Then it's patched successfully.
Should I get this patch?
Yes and all other patches, which are provided by magento.
How can I trust this patch?
I prefer to review the patches, then run them locally and deploy them via VCS or whatever system. So you know, what happens, while running the patch.
