A recent report from CIS, Center for Internet Security, has revealed that all versions of 7zip prior to 18.05 allow for arbitrary code execution, which means that depending on the privileges given to the user running the executable, it was possible to “install software; view, change or delete data; or create new accounts with full user rights”. User accounts with low privileges would be less affected than those with administrative rights.
The vulnerability has already been fixed and an update is available on the official website of the software. Antivirus4u would also like to inform you that 7zip is an open source project with forks existing for operating systems other than Windows; for example, Keka is a Mac OS archiver that is based on 7zip. It is yet unclear if 7zip forks have the same vulnerability, so we recommend you to update any archiving software you have on your computer. And subscribe to our YouTube channel for more news about software vulnerabilities and insights about computer security.
0 comments:
Post a Comment