Acronis Inc. Information for VU#489392

Acronis True Image fails to update itself securely

Status

Affected

Vendor Statement

Acronis is aware of a minor security issue related to Acronis True Image 2017 (Build 8053 and earlier) that was reported by CERT Coordination Center (CERT/CC) at Carnegie Mellon University's Software Engineering Institute. We immediately fixed the vulnerability, prepared a patch for our newest update, and are currently testing it. Once ready, we will notify users of the fix. While the threat to users is considered low-risk since multiple, rare occurrences would need to happen in order for someone to exploit the vulnerability, we will urge all Acronis True Image 2017 customers to apply the patch by opening the application and selecting “Check for Updates.” We take data protection very seriously, which is why we have acted so quickly to respond to this threat. We are also examining this incident further to ensure no similar vulnerabilities remain in our products.

Vendor Information

Vendor References

None

Addendum

There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.