Critical Security Vulnerability Discovered in 7-Zip Software

by Harikrishna Mekala

7-Zip is open-source software for archiving files. It has been in use for over 20 years, which makes it an essential application for many people. A vulnerability has been discovered by the Centre for Internet Security that enables “arbitrary code execution”. The researchers state that an attacker who exploits this flaw can basically install any software on the victim’s computer.

Fortunately, no one has taken advantage of this flaw yet, but it is still present in all versions of 7-Zip prior to 18.05, which was released on April 30. If you haven’t updated 7-Zip on your system, it is suggested that you update to the latest version of the software.

You can go to 7-Zip’s website to download the latest version. The new version will replace the old version of the software. The Centre for Internet Security also suggests that users run the software with low-privileged accounts for additional protection against a full system compromise.

  • Apply appropriate updates provided by 7-Zip to vulnerable systems.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Apply the principle of least privilege to all systems and services.

Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.
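
A fleet check for the update advice above, as an added example that is not part of the original article: it flags 7-Zip installs older than 18.05 in a software inventory export. The CSV layout, host names and function names are assumptions, and the sample rows are constructed.

```python
import csv
import io
import re

FIXED = (18, 5)  # first fixed release named in the article: 18.05

# Constructed sample inventory (host, product, version); not real data.
SAMPLE_INVENTORY = """host,product,version
ws-001,7-Zip 18.05 (x64),18.05
ws-002,7-Zip 9.20,9.20
ws-003,7-Zip 16.04 (x64),16.04.00.0
ws-004,7-Zip 18.01 (x64),
ws-005,7-Zip 19.00 (x64),19.00
ws-006,Notepad++ (64-bit),7.5.6
ws-007,7-Zip,unknown
"""

VERSION_RE = re.compile(r"(\d+)\.(\d+)")

def parse_version(text):
    """Return (major, minor) as integers, or None if no version is present."""
    m = VERSION_RE.search(text or "")
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(inventory_csv):
    """Classify each 7-Zip install as 'vulnerable', 'ok' or 'unknown'."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        if not row["product"].lower().startswith("7-zip"):
            continue
        # Prefer the version field; fall back to the display name.
        version = parse_version(row["version"]) or parse_version(row["product"])
        if version is None:
            results[row["host"]] = "unknown"      # needs manual follow-up
        elif version < FIXED:                     # numeric tuple comparison
            results[row["host"]] = "vulnerable"
        else:
            results[row["host"]] = "ok"
    return results

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Versions are compared as integer pairs because a plain string comparison would rank "9.20" above "18.05" and miss the oldest installs.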
