Fans of file compression will have to update, and quickly, because a rather worrying vulnerability has just been discovered in our faithful 7-Zip, which has been with us for years to compress and decompress our files.
This critical flaw, tracked as CVE-2024-11477, received a high CVSS score of 7.8, reflecting its seriousness. It allows attackers to execute malicious code on your system when you open certain specially prepared archives.
More precisely, the problem lies in the processing of files compressed with Zstandard, a compression algorithm widely used in the Linux ecosystem, notably for the Btrfs, SquashFS and OpenZFS file systems. Basically, when 7-Zip tries to unpack this type of archive, it does not properly validate the user-supplied data. This negligence can cause what is called an “integer underflow”: a kind of arithmetic wrap-around that lets an attacker write to your computer’s memory.
For the more technical among you, this means that an attacker can exploit this vulnerability to execute their own instructions with the same privileges as the user launching 7-Zip. So if you are logged in as an administrator… you see the picture. The threat is all the more serious as this flaw requires little technical expertise to be exploited, although no malware targets it yet. Phew!
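As an added illustration of the bug class described above (not 7-Zip’s code, and not the actual CVE-2024-11477 code path), here is a constructed C example: a small decoder computes how many bytes of a block are left to copy from two attacker-controlled header fields, once with the unchecked subtraction that silently wraps, and once with the range check that rejects the block. The header layout, the field names `block_len` and `consumed`, and every function name are assumptions made for this example; the hardened path also shows the two companion checks a decoder needs (declared length versus bytes actually present, and output buffer capacity).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed illustration of an integer underflow in a length computation.
 * This is NOT 7-Zip's code and NOT the real CVE-2024-11477 code path; the
 * header layout and field names are invented for the example.
 *
 * Scenario: a decoder reads a block header carrying two untrusted fields,
 * "block_len" and "consumed", and computes how many payload bytes remain to
 * be copied out. With unsigned arithmetic and no check, consumed > block_len
 * wraps the subtraction to a huge value, and a later copy runs past the end
 * of the destination buffer.
 */

/* Vulnerable arithmetic: no range check, so the subtraction silently wraps. */
uint32_t remaining_unchecked(uint32_t block_len, uint32_t consumed)
{
    return block_len - consumed;   /* 12 - 20 becomes 4294967288, not -8 */
}

/* Hardened arithmetic: reject the block instead of wrapping.
 * Returns 0 and stores the count on success, -1 on malformed input. */
int remaining_checked(uint32_t block_len, uint32_t consumed, uint32_t *remaining)
{
    if (consumed > block_len)
        return -1;
    *remaining = block_len - consumed;
    return 0;
}

/* Constructed header: 4-byte little-endian block_len, 4-byte little-endian
 * consumed, followed by block_len payload bytes. Returns 0 on success,
 * -1 if the buffer is too short to hold a header at all. */
int parse_header(const uint8_t *buf, size_t len, uint32_t *block_len, uint32_t *consumed)
{
    if (len < 8)
        return -1;
    *block_len = (uint32_t)buf[0] | (uint32_t)buf[1] << 8 |
                 (uint32_t)buf[2] << 16 | (uint32_t)buf[3] << 24;
    *consumed  = (uint32_t)buf[4] | (uint32_t)buf[5] << 8 |
                 (uint32_t)buf[6] << 16 | (uint32_t)buf[7] << 24;
    return 0;
}

/* Hardened copy of the unconsumed part of the block into out.
 * Returns the number of bytes copied, or (size_t)-1 if the block is rejected. */
size_t copy_rest_checked(const uint8_t *buf, size_t len, uint8_t *out, size_t out_cap)
{
    uint32_t block_len, consumed, remaining;
    if (parse_header(buf, len, &block_len, &consumed) != 0)
        return (size_t)-1;
    if (block_len > len - 8)               /* declared length exceeds the bytes present */
        return (size_t)-1;
    if (remaining_checked(block_len, consumed, &remaining) != 0)
        return (size_t)-1;                 /* the unchecked version would wrap here */
    if (remaining > out_cap)               /* honest length, but larger than our buffer */
        return (size_t)-1;
    memcpy(out, buf + 8 + consumed, remaining);   /* consumed <= block_len <= len - 8 */
    return remaining;
}

/* Constructed benign block: block_len = 12, consumed = 4, 12 payload bytes. */
static const uint8_t GOOD_BLOCK[] = { 12, 0, 0, 0, 4, 0, 0, 0,
                                      'a','b','c','d','e','f','g','h','i','j','k','l' };
/* Constructed hostile block: consumed (20) is larger than block_len (12). */
static const uint8_t BAD_BLOCK[]  = { 12, 0, 0, 0, 20, 0, 0, 0,
                                      'a','b','c','d','e','f','g','h','i','j','k','l' };

/* Runs the hardened copy on the benign block; returns the bytes copied (8). */
size_t demo_good_block(void)
{
    uint8_t out[16];
    return copy_rest_checked(GOOD_BLOCK, sizeof GOOD_BLOCK, out, sizeof out);
}

/* Runs the hardened copy on the hostile block; returns 1 if it was rejected. */
int demo_bad_block_rejected(void)
{
    uint8_t out[16];
    return copy_rest_checked(BAD_BLOCK, sizeof BAD_BLOCK, out, sizeof out) == (size_t)-1;
}

int main(void)
{
    printf("unchecked remaining for the hostile block: %u bytes\n",
           remaining_unchecked(12, 20));
    printf("checked copy, benign block: %zu bytes copied\n", demo_good_block());
    printf("checked copy, hostile block: %s\n",
           demo_bad_block_rejected() ? "rejected" : "accepted");
    return 0;
}
```

The wrapped value from `remaining_unchecked` is what turns a small, well-formed-looking header into a copy of gigabytes; the single `consumed > block_len` comparison in `remaining_checked` is the whole fix for that step, and the two extra bounds checks keep a truthful header from overrunning either the input or the output.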
But don't panic! As is often the case in IT security, there is a simple solution: update!!!
The developers of 7-Zip reacted quickly and fixed this flaw in version 24.07. The problem is that unlike many modern software programs, 7-Zip does not have an automatic update system. You will therefore have to roll up your sleeves and update manually.
To check your current version of 7-Zip, open 7-Zip File Manager, click “Help” then “About 7-Zip”, and look at the version number displayed.
If you see a number lower than 24.07, head to the official 7-Zip website to download the latest version!
In short, as usual:
- Beware of archives from unknown sources: as with email attachments, caution is required
- Scan suspicious archives with your antivirus before opening them
- Avoid opening archives as administrator unless really necessary
- Keep a backup of your important data, just in case
For system administrators and developers who use 7-Zip in their applications, it is doubly important to make this update. Not only to protect their own systems, but also to avoid spreading vulnerable versions through their products.
This vulnerability, initially reported in June 2024, was only publicly disclosed on November 20, 2024; if you want more details, see the official CERT-EU security advisory.
Source