This morning Act! LLC announced that a security vulnerability has recently been discovered in Act! Pro, Act! Premium and Act! Growth Suite software, which may make it possible for a threat actor to gain unauthorized access to your system. Please review the details in Act!’s web page notice for information on how it affects your version and deployment method.
To ensure that this vulnerability is addressed, you will need to apply the appropriate update for your supported version as soon as possible (see below). If you are currently running Act! v21 or earlier, you will need to upgrade to a supported version to address this issue.
Act! has prepared a patch for all supported versions of Act!, which includes both Pro & Premium versions 22, 23, and 24. We recommend following one of these three ways to access the updates:
Please note that if you're a Cloud-only customer, all our servers have been patched as of this publishing, so no additional action is required. If you are on an Act! subscription and still using an unsupported version of Act! (v21 or older), we strongly encourage you to avail yourself of your free upgrade privileges and move to a supported version forthwith.
Keystroke is also making changes to the Act! versions we're supporting for hosting, and affected customers will be contacted in the coming weeks to review their options.
Act! Obsolescence Policy
The Act! Support Obsolescence Policy details the support for the current release and specific recent releases of a product.
The current release will receive all service packs, hotfixes, and compatibility updates, while other supported releases will receive these items exclusively to address issues potentially resulting in data loss or data corruption due to product defect, excluding those deemed third-party caused or due to negligence of the user.
Unsupported products are not eligible for service packs, hotfixes, compatibility updates or technical support.
For more information about which versions of Act! are currently supported, see Act!’s obsolescence policy.
Frequently Asked Questions (FAQ):
Q: How was the vulnerability discovered and what have you done in response?
A: A vulnerability has recently been identified in Act! via routine penetration testing. The Act! engineering team has reviewed, fixed and re-assessed the vulnerability with a third-party threat intelligence vendor. Updates that address this issue are being made available for Act! v24, Act! v23, and Act! v22.1*.
Q: Have there been any known data breaches as a result of the vulnerability?
A: No, we are not currently aware of any bad actors taking advantage of the vulnerability.
Q: What versions are getting updates and why?
A: Per the Act! Support Obsolescence Policy, updates are being made available for supported versions of Act!*.
Q: What do I need to do?
A: To ensure that this vulnerability is addressed, an update for your supported version is required*. Click here to view the remedy specific to your version and deployment method. If you are currently running Act! Pro v21 or earlier, you will need to upgrade to Act! v24 Update 4 to address this issue. Customers who host or sync their software via a 3rd party hosting provider should contact that provider immediately to discuss the appropriate remedy.
Q: How do I know which version of Act! I’m on?
A: To find the version of Act! you’re currently on, go to Help > About Act! in the top navigation of Act!.
If you have questions regarding how this security issue will affect you, please contact 1-833-ACT-BOLD to speak with one of our certified Act! Consultants, but be aware that there are practical limits to what we can prudently disclose about this security vulnerability. We cannot risk inviting bad actors to target Act! before everyone has an opportunity to either patch or upgrade their system.