Apple subsidiary FileMaker has released a warning saying that its FileMaker Server 13 software includes a version of OpenSSL that is vulnerable to the Heartbleed bug and instructs customers to manually patch the problem. An updated version of the Server client will be released shortly.
FileMaker opens with a brief description of the Heartbleed bug and then delves right into the issue, saying, “FileMaker Server 13 includes a version of OpenSSL which has been identified as being vulnerable to the Heartbleed bug. At this time we are not aware of any tools which could exploit this vulnerability in FileMaker Server 13.”
The database company is now actively working on a patch, with the promise to “issue this update as soon as it is ready.” In the interim, customers using the Server software are advised to manually replace the OpenSSL library.
FileMaker says this is a manual update, so customers must “completely review the documentation before applying.”
As previously noted in several reports on Softpedia, the Heartbleed vulnerability is serious and should be treated as such. It is advisable that FileMaker Server users cautiously follow the steps provided in said documentation and update their OpenSSL libraries as instructed.