Notified:  June 15, 2017 Updated: June 28, 2017

Status

Affected

Vendor Statement

Acronis is aware of a minor security issue related to Acronis True Image 2017 (Build 8053 and earlier) that was reported by CERT Coordination Center (CERT/CC) at Carnegie Mellon University's Software Engineering Institute. We immediately fixed the vulnerability, prepared a patch for our newest update, and are currently testing it. Once ready we will notify users of the fix. While the threat to users is considered low-risk since multiple, rare occurrences would need to happen in order for someone to exploit the vulnerability, we will urge all Acronis True Image 2017 customers to apply the patch by opening the application and selecting “Check for Updates.” We take data protection very seriously, which is why we have acted so quickly to respond to this threat. We are also examining this incident further to ensure no similar vulnerabilities remain in our products.