Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
A serious security vulnerability has been found in 7-Zip
#1
7-Zip is free, open-source file archiving software that's been around for an awfully long time—nearly two decades, according to Wikipedia. It's barebones, it's simple, and it works, which is why we included it in our list of essential applications for a fresh PC. Unfortunately, as discovered by the Center for Internet Security, it also suffers from a pretty serious security vulnerability that can enable "arbitrary code execution." 

What that means, basically, is that someone who successfully exploits this security flaw could install programs on your PC, view, edit, or delete data, or create new user accounts with full access rights. The good news is that CIS says there are no reports of this actually happening, but the bad news is that the security flaw is present in all versions of 7-Zip prior to 18.05. That version was just released on April 30, which means that unless you've updated sometime within the last four days, your PC is exposed.

Fortunately, the solution is simple. Go to 7-zip.org, download the latest version (it's tiny), and install it. Boom! Problem solved, and you'll be pleased to know that the hot new version of 7-Zip looks exactly the same as the old crappy one.   

CIS also recommended that all software should be run as a non-privileged user, and to apply the "Principle of Least Privilege" to all systems and services, so that if your PC does fall prey to a sploitz-jerk, the damage will be minimized. As a general approach, that's probably not a bad idea.

Source
Reply
#2
Done ! Thanks for info.
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  I review security software for a living and I just found a new way to stop online sca mrtrout 0 874 01-06-2024 , 04:30 AM
Last Post: mrtrout
  Security experts have found another flaw in Intel processors sidemoon 0 1,403 03-23-2020 , 03:18 AM
Last Post: sidemoon
  New security vulnerability discovered in Google Chrome browser dhruv2193 0 1,515 09-04-2019 , 11:11 AM
Last Post: dhruv2193
  New Elevation of Privilege Vulnerability Found in Cisco WebEx Meetings Mohammad.Poorya 0 1,519 02-28-2019 , 04:33 AM
Last Post: Mohammad.Poorya
  Microsoft Issues Emergency Windows Security Update For A Critical Vulnerability mrtrout 0 1,494 12-08-2017 , 08:04 PM
Last Post: mrtrout

Forum Jump:


Users browsing this thread: 1 Guest(s)