7-Zip gets an update to fix major security vulnerabilities
Security researchers from Talos have written a bunch of fancy words on their blog here, which basically say 7-Zip has a couple of serious security flaws.
Everyone’s up in arms about it, too.
There are two major security flaws found in the program, one which allows hackers to remotely execute code (basically run programs from afar), and the other one which can lead to heap corruption or buffer overflow.
But the problem is not just 7-Zip having problems, the problem is also that other people use 7-Zip in their own software, meaning many more applications now have this problem. Everyone has a problem!
Here’s the thing: 7-Zip is an open-source file archiver and decompressor. It’s an alternative to WinZip or WinRAR, but because it’s open-source, it has also been incorporated in other people’s software, as well.
Now, according to ZDNet, everyone’s rushing to patch their stuff up.
"Sadly, many security vulnerabilities arise from applications which fail to properly validate their input data", security researchers said in the blog post.
"Both of these 7-Zip vulnerabilities resulted from flawed input validation. Because data can come from a potentially untrusted source, data input validation is of critical importance to all applications’ security. Talos has worked with 7-Zip to responsibly disclose, and then patch these vulnerabilities. Users are urged to update their vulnerable versions of 7-Zip to the latest revision, version 16.00, as soon as possible".
Published under license from ITProPortal.com, a Net Communities Ltd Publication. All rights reserved.