
Serious Security Exploits Found in 7-Zip, Update Available

Users running the popular open source file archiving utility 7-Zip should update it immediately. Two major security flaws have been discovered in the software, which can be used to compromise personal data. 7-Zip is used by many people, as well as by third-party vendors, to compress large files in applications.

Recently Cisco Talos has discovered multiple exploitable vulnerabilities in 7-Zip. These types of vulnerabilities are especially concerning since vendors may not be aware they are using the affected libraries. This can be of particular concern, for example, when it comes to security devices or antivirus products. 7-Zip is supported on all major platforms, and is one of the most popular archive utilities in use today. Users may be surprised to discover just how many products and appliances are affected. Source

CVE-2016-2335 is an out-of-bounds read vulnerability that exists in the way 7-Zip handles Universal Disk Format (UDF) files. CVE-2016-2334 is an exploitable heap overflow vulnerability that exists in the Archive::NHfs::CHandler::ExtractZlibFile method functionality of 7-Zip.

Fortunately, both vulnerabilities have been fixed in the latest version of 7-Zip, which at the time of this writing is version 16.0. To find out which version you have installed, launch the 7-Zip File Manager and go to Help > About 7-Zip.


Download 7-Zip Version 16.0
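
The Help > About check only covers the copy you installed yourself, while the concern quoted above is about copies bundled with other products. The following PowerShell script is an added example, not part of the original article or of 7-Zip: it inventories 7-Zip binaries under a set of folders and flags any whose file version is below 16.0. The list of file names and the default scan roots are assumptions; a vendor may ship a renamed or statically linked copy that this will not find.

```powershell
# Added example: inventory 7-Zip binaries and flag copies older than the fixed release.
# Assumption: bundled copies keep the usual 7-Zip file names listed in $names.
param(
    [string[]]$Root  = @($env:ProgramFiles, ${env:ProgramFiles(x86)}),
    [version]$Fixed  = '16.0'   # fixed release named in the article
)

$names = '7z.exe', '7z.dll', '7za.exe', '7za.dll', '7zG.exe', '7zFM.exe'

function Get-SevenZipStatus {
    param([System.IO.FileInfo]$File, [version]$Fixed)

    $vi = $File.VersionInfo
    if (-not $vi.FileVersion) {
        # No version resource in the file: cannot decide, report for manual review
        $ver    = $null
        $status = 'UNKNOWN'
    }
    else {
        # Compare major.minor only (e.g. 9.20, 15.14, 16.0)
        $ver    = New-Object System.Version($vi.FileMajorPart, $vi.FileMinorPart)
        $status = if ($ver -lt $Fixed) { 'OUTDATED' } else { 'OK' }
    }

    [pscustomobject]@{
        Status  = $status
        Version = $ver
        Product = $vi.ProductName
        Path    = $File.FullName
    }
}

$Root |
    Where-Object { $_ -and (Test-Path $_) } |      # skip roots that do not exist (e.g. 32-bit OS)
    ForEach-Object {
        Get-ChildItem -Path $_ -Recurse -File -Include $names -ErrorAction SilentlyContinue
    } |
    ForEach-Object { Get-SevenZipStatus -File $_ -Fixed $Fixed } |
    Sort-Object Status, Path |
    Format-Table -AutoSize
```

Rows marked OUTDATED that sit inside another product's folder need an update from that product's vendor; replacing the file by hand may break the application.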

Users running Adobe Flash Player should also update. Adobe released a security update last week for a zero-day exploit found in the Flash Player.

Also, last week Microsoft released a new cumulative update for Windows 10, which includes security updates and bug fixes.
