Security patch installer for ImageMagick vulnerability
A vulnerability has recently been found in the ImageMagick library used by AccurioPro Flux. We have released a security patch installer that fixes the vulnerability.
To install the patch, simply unzip the ZIP file, run the provided exe file and follow the on-screen instructions. Please refer to the included ReadMe for further information.
Important notes
- The installer can be used with AccurioPro Flux versions 8.0 through 10.0.2.
- Install the patch on all machines that runAccurioPro Flux components, for example Flux Server, Flux Workstation or Flux Web.
- If Flux Workstation is installed at a later date via the installer on the Flux Server download page, the patch installer must be run afterwards.
- The installer can also be used with customized installations.
- As a courtesy, the installer can be used without a valid SMP.
Vulnerability assessment
The 'ImageTragick' vulnerability discovered in the ImageMagick image processing library could allow attackers to run malicious code in AccurioPro Flux which is contained in image files, possibly even when embedded in PDF files.
This affects the upload of images and PDF files during operator import and in the webshop, the adding of images as objects in the editors, and the scanning workflow. It affects all editions: Essential, Premium, Ultimate.
If AccurioPro Flux is used in a controlled environment with known users, the risk of an incident is low. The highest risk is when used as an open web shop.
The release of the patch is a precautionary measure. To date there have been no reports of the vulnerability in AccurioPro Flux being exploited.