Cybersecurity

75 readers

78 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Rules

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

founded 2 years ago

MODERATORS

[email protected]

🚨 SECURITY PSA - 7ZIP VULN🚨 (urusai.social)

submitted 2 weeks ago by [email protected] to c/[email protected]

9 comments fedilink hide all child comments

🚨 SECURITY PSA - 7ZIP VULN🚨

Update your 7zip, folks

https://cybersecuritynews.com/7-zip-vulnerability-arbitrary-code/

#cybersecurity #zeroday #7zip #malware #security #it #infosec

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 2 points 2 weeks ago (1 children)

@neatchee Thanks for the warning. I make a lot of use of 7-Zip.

Zstandard is used in a lot of things. This could be problematic as a whole.

[–] [email protected] 1 points 2 weeks ago (1 children)

@[email protected] supply chain attacks are the favorite these days :/

[–] [email protected] 1 points 2 weeks ago

@neatchee Sadly an all too accurate statement.

Luckily the version of 7-Zip with the fix was back in August, so I'm guessing this CVE has been well known across most things. Each of my Linux systems were probably ok by the time I installed the current versions even (let alone updates.)

I did need to update the Windows partition though. Haven't booted it in ages, much less updated 7-Zip...