Immediate update to Joomla 3.4.5 necessary

The 15th of October, the Joomla Production Leadership (PLT) team was notified of the security issue by the internet security company SpiderLabs. The PLT started to work immediately on a fix and on the 16th announced a security patch by PLT member Jessica Dunbar. 

If you haven't updated your Joomla 3 to the last security patch 3.4.5 your site is at big risk due to an SQL injection vulnerability that allows the exploiter to acquire full administrative access to your Joomla website.

The official Joomla announcement said:

A Joomla 3.4.5 release containing a security fix will be published on Thursday 22nd October at approximately 14:00 UTC The Joomla Security Strike Team (JSST) has been informed of a critical security issue in the Joomla core.Since this is a very important security fix, please be prepared to update your Joomla installations next Thursday. Until the release is out, please understand that we cannot provide any further information.

The days before the release there was a big community effort to communicate the importance of this fix. The content of the package was kept secret to avoid as many hacks as possible. Finally, the patch fixing the three vulnerabilities detected was released yesterday, the 22th of October. The issues fixed according to the Joomla release announcement were:

Security Issues Fixed
High Priority - Core - SQL Injection (affecting Joomla 3.2 through 3.4.4) More information

Medium Priority - Core - ACL Violations (affecting Joomla 3.2 through 3.4.4) More information

Medium Priority - Core - ACL Violations (affecting Joomla 3.0 through 3.4.4) More information

Unfortunately, the company that found the exploit, unveiled the full exploit just an hour after the patch release to the big surprise of PLT and community members.

As soon as SpiderLabs published the exploit, community members and companies started to detect attacks:

Security company Sucuri recommends

[...] looking at your web logs to try to find signs of this attack. If you search for "option=com_contenthistory&view=history" you should be able to find possible attacks against your site. Note that blocking this requests only via GET requests are not enough, since they can also happen via POST. Joomla uses the PHP $_REQUEST, so both POST and GET's will go through.

If you have a Joomla website and haven't updated yet, it's extremely important that you update now.

If your web site has been hacked we recommend getting in touch with MyJoomla or check out the Joomla security forum.