Blog

Alert: Users of 7-Zip Should Immediately Upgrade to the Latest Version

b2ap3_thumbnail_7zip_vulnerability_400.jpgOne of the latest vulnerabilities in open-source software can be found in 7zip, a file archiver and decompresser. 7zip has been found to have several security vulnerabilities which have software developers rushing to fix their products. The damage done extends far beyond 7zip, reaching both people who use 7zip itself, and developers who have used the technology in the creation of their own tools and software.


There are two vulnerabilities, which were discovered by Cisco’s Security Intelligence and Research Group, Talos. In particular, the security report focuses on the fact that these types of vulnerabilities most drastically affect antivirus software programs and others which host compressed or encrypted files. The real issue that comes from these 7zip vulnerabilities is how widespread the software is used; for example, many companies may be using software which supports 7zip without realizing it.

ZDNet explains in full detail:

  • “The first vulnerability, CVE-2016-2335, is an out-of-bounds security flaw caused by the way 7zip handles Universal Disk Format (UDF) files. When partition maps are scanned to find objects within the file system, there is a lack of proper checking which can cause a read-out-of-bounds problem. If exploited, cyber attackers could use the vulnerability to execute code remotely.”
  • “The second security flaw, CVE-2016-2234, is an exploitable heap overflow vulnerability found within the Archive::NHfs::CHandler::ExtractZlibFile method functionality of 7zip. In the software's HFS+ system, files can be stored in a compressed format using zlib, and depending on the size of the data, this information may be stored in blocks.”

In Simple English: These recently discovered vulnerabilities could be executed by hackers to gain control over your device and data.

Also of note is that this technology should be a reminder of what happens when an open-source software that’s used in many places across the Internet becomes vulnerable. While it’s definitely not as scary as Heartbleed, the vulnerability in OpenSSL that struck in April of 2014 that allowed for the theft of encrypted information, these vulnerabilities in 7zip could have been much worse.

Thanks to the efforts of Talos and the 7zip developers, the vulnerabilities have been patched and are available in the latest version of 7zip, V.16.00. Keep in mind that previous versions are still vulnerable to the aforementioned issues and should be updated as soon as possible. This also goes for any software that your company uses that takes advantage of 7zip.

For more information on the latest security vulnerabilities, as well as information on how to protect your organization from potential threats, reach out to us at 603-889-0800.

Related Posts

Did you know that, of all the vulnerabilities your business has to cyberthreats, your employees are one of the riskiest, simply due to their exposure to your business technology? If your business isn’t secure, it will become incredibly more difficult...
It is not as difficult as it might seem.  If your systems are currently working, we can easily back them up, lock down the network, and then document everything about your infrastructure.  If your systems are not currently functioning prope...
Network security entails a ton of different procedures, and it can be easy to lose track of what you’ve already implemented, and what still needs to be done. Instead of worrying about keeping your business’s confidential data safe, know with certaint...
If there’s one thing that our extremely technical society has evolved into, it’s one where technology is always striving to improve itself. This is especially important for businesses that are looking to maximize the return on investment they get fro...
There are a lot of businesses that depend on their Customer Relationship Management (CRM) platform. It’s not just used to manage their customer relationship, it also helps with production, invoicing, operations, human resources, and more. Today, we’l...
When you think of the Internet of Things, does your mind immediately wander into the realm of connected devices that change the way we interact with each other? Or, does it consider the security issues that can potentially become a threat to your ent...
All types of businesses use cloud resources as a part of their IT infrastructure. It allows them to turn what was once a major capital expenditure into a controllable operating cost; and, it does it while offering solutions to almost any business pro...
The online world is a scary place. Viruses, malware, spyware, adware, and more are all out there trying to get at your network. These threats are almost always prevalent, but compared to each other, some are vastly superior and far more dangerous and...
Accessibility and mobility are important parts of a business’s data infrastructure. To this end, some businesses take advantage of a Virtual Private Network (VPN), which has the power to extend a personal network over a private network like the Inter...
Even the most innocent Internet user can fall victim to the stray hacking attack, and it’s all thanks to the manner in which malware reverse-engineers software. This process is how a hacker finds vulnerabilities in software. However, a new security c...
Just like Silk Road (the illegal online black market designed to smuggle drugs around the world), there exists an online trade for zero-day exploits. Unsurprisingly, hackers find it exceptionally lucrative to sell these exploits for profit. Now, ther...
People use and reuse old passwords time and again, and then they get two-factor authentication to augment their fifteen-character passwords. Wouldn’t it be great if your computer could recognize you just by how well you recognize others?...

Time For a Change?

If your business seems to be caught in a never-ending cycle of computer problems and complaints, perhaps you have been focusing on the symptoms rather than the source of the problem. The underlying cause is most likely a lack of professional IT management. At White Mountain, we take responsibility for the operation, management, and support of your IT infrastructure. Don't settle for the IT systems cycle of torture, there is a better way, give White Mountain a call today.

 

Onsite Service Coverage Area

Onsite Computer Support Services are available to businesses within 100 miles of Nashua New Hampshire. We have excellent onsite coverage from Concord NH, south through Manchester NH and then down into Boston. From Northern and Central Mass we cover from Worcester, east to the North Shore, including the Salem and Portsmouth NH area.

 

White Mountain IT Services
33 Main Street, Suite 302
Nashua, New Hampshire 03064

 

 

603-889-0800

 

 

cloud desktop2 Cloud Desktop Login

Open Positions