this post was submitted on 30 Dec 2024
Cybersecurity

🚨 SECURITY PSA - 7ZIP VULN🚨

Update your 7zip, folks

https://cybersecuritynews.com/7-zip-vulnerability-arbitrary-code/

#cybersecurity #zeroday #7zip #malware #security #it #infosec

@neatchee it's a fake proof of concept https://therecord.media/fake-zero-day-7Zip

[–] TootSweet@lemmy.world 1 points 6 months ago (1 children)

Why do I hear specifically about vulnerabilities in compression programs so much more than in other kinds of software?

[–] neatchee@urusai.social 2 points 6 months ago

@TootSweet@lemmy.world because it's specifically software that is about opening and processing arbitrary payloads.

[–] devans143@phpc.social 1 points 6 months ago (1 children)

@neatchee
If you read the write up, it sounds like the 7-Zip maintainers have not released a version yet with a patch. Current release is 24.09... watch for something newer.

[–] neatchee@urusai.social 1 points 6 months ago (1 children)

@devans143@phpc.social CVE indicates 24.08 was the patched version

[–] devans143@phpc.social 1 points 6 months ago

@neatchee That's good to know. The original report from the group that found it said they were unaware of any patched version being released, but they had not heard from the maintainers yet. I usually check for an update once a month anyway.