7-Zip is open-source software used for archiving files, the software has been in use for over 20 years, which makes it an essential application for many people. A vulnerability has been discovered by the Centre for Internet Security which enables “arbitrary code execution”. The researchers state that if a hacker can exploit the system by taking the advantage of the aforementioned flaw he can basically install any software on the victim’s computer.
Fortunately, no one has taken advantage of this flaw yet but the it is still present in all versions of the 7-zip prior to 18.05 which was released on April 30. If you haven’t updated 7-zip on your system it is suggested that you update to the latest version of the software.
You can go to 7-zip’s website to download the latest version. The new version will replace the old version of the software. The Centre of the Internet Security is also suggesting that users run the software with low privileged accounts for additional prevention against a full system compromise.
- Apply appropriate updates provided by 7-Zip to vulnerable systems
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Apply the principle of least privilege to all systems and services.
Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
Take your time to comment on this article.