I'm asking whether the PECL imagick extension is also vulnerable to the new very critical ImageMagick security issue (check here and here). Is the extension just using the ImageMagick tool via shell, too?
Yes.
The Imagick PECL is a PHP binding to the C-API MagickWand. It does not invoke a shell session, but is vulnerable to the delegate security issues -- just the same.
policy.xml as recommended by the notice.
Edit for completion
How to update policy.xml
(YMMV)
Locate ImageMagick's shared path on system.
$ identify -list configure | grep SHARE
#=> SHARE_PATH /usr/share/ImageMagick-6
Create or edit policy.xml in directory of previous step.
$ cd /usr/share/ImageMagick-6
$ # sudo does not apply to a shell redirect, so the file is written through sudo tee
$ sudo tee policy.xml > /dev/null <<EOF
<policymap>
<policy domain="coder" rights="none" pattern="EPHEMERAL" />
<policy domain="coder" rights="none" pattern="HTTPS" />
<policy domain="coder" rights="none" pattern="MVG" />
<policy domain="coder" rights="none" pattern="MSL" />
<policy domain="coder" rights="none" pattern="TEXT" />
<policy domain="coder" rights="none" pattern="SHOW" />
<policy domain="coder" rights="none" pattern="WIN" />
<policy domain="coder" rights="none" pattern="PLT" />
</policymap>
EOF
Verify policy loads with identify -list policy.
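A way to audit a policy.xml for the coder denials listed in the answer above, as an added example that is not part of the original answer. The function names are hypothetical, the sample file is constructed, and the check assumes each policy element sits on one line, as in the answer's file.

```shell
#!/bin/sh
# Added example: audit one policy.xml for the coder denials from the answer.
REQUIRED_CODERS="EPHEMERAL HTTPS MVG MSL TEXT SHOW WIN PLT"

# Print FILE with XML comments removed (also ones spanning several lines),
# so a <policy> line that is only a commented-out example is not counted.
strip_comments() {
    awk '{
        line = $0; out = ""
        while (line != "") {
            if (inc) {
                i = index(line, "-->")
                if (i) { line = substr(line, i + 3); inc = 0 } else line = ""
            } else {
                i = index(line, "<!--")
                if (i) {
                    out = out substr(line, 1, i - 1); line = substr(line, i + 4); inc = 1
                } else { out = out line; line = "" }
            }
        }
        print out
    }' "$1"
}

# Print the required coders that have no active rights="none" entry in FILE.
# Assumes each <policy .../> element sits on one line, as in the answer's file.
missing_coders() {
    active=$(strip_comments "$1")
    missing=""
    for coder in $REQUIRED_CODERS; do
        # Attribute order may vary, so each attribute is matched on its own.
        if ! printf '%s\n' "$active" | grep '<policy ' | grep 'domain="coder"' \
            | grep 'rights="none"' | grep -q "pattern=\"$coder\""; then
            missing="$missing $coder"
        fi
    done
    echo "${missing# }"
}

# Constructed sample: MVG is denied, MSL appears only inside a comment.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<policymap>
  <!-- example only:
  <policy domain="coder" rights="none" pattern="MSL" />
  -->
  <policy pattern="MVG" rights="none" domain="coder" />
</policymap>
EOF
echo "still allowed: $(missing_coders "$sample")"
rm -f "$sample"
```

An empty result from missing_coders means every coder in the list has an active denial in that file; the policy ImageMagick actually loaded is still what identify -list policy reports.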