Blog

Alert: Users of 7-Zip Should Immediately Upgrade to the Latest Version

b2ap3_thumbnail_7zip_vulnerability_400.jpgOne of the latest vulnerabilities in open-source software can be found in 7zip, a file archiver and decompresser. 7zip has been found to have several security vulnerabilities which have software developers rushing to fix their products. The damage done extends far beyond 7zip, reaching both people who use 7zip itself, and developers who have used the technology in the creation of their own tools and software.


There are two vulnerabilities, which were discovered by Cisco’s Security Intelligence and Research Group, Talos. In particular, the security report focuses on the fact that these types of vulnerabilities most drastically affect antivirus software programs and others which host compressed or encrypted files. The real issue that comes from these 7zip vulnerabilities is how widespread the software is used; for example, many companies may be using software which supports 7zip without realizing it.

ZDNet explains in full detail:

  • “The first vulnerability, CVE-2016-2335, is an out-of-bounds security flaw caused by the way 7zip handles Universal Disk Format (UDF) files. When partition maps are scanned to find objects within the file system, there is a lack of proper checking which can cause a read-out-of-bounds problem. If exploited, cyber attackers could use the vulnerability to execute code remotely.”
  • “The second security flaw, CVE-2016-2234, is an exploitable heap overflow vulnerability found within the Archive::NHfs::CHandler::ExtractZlibFile method functionality of 7zip. In the software's HFS+ system, files can be stored in a compressed format using zlib, and depending on the size of the data, this information may be stored in blocks.”

In Simple English: These recently discovered vulnerabilities could be executed by hackers to gain control over your device and data.

Also of note is that this technology should be a reminder of what happens when an open-source software that’s used in many places across the Internet becomes vulnerable. While it’s definitely not as scary as Heartbleed, the vulnerability in OpenSSL that struck in April of 2014 that allowed for the theft of encrypted information, these vulnerabilities in 7zip could have been much worse.

Thanks to the efforts of Talos and the 7zip developers, the vulnerabilities have been patched and are available in the latest version of 7zip, V.16.00. Keep in mind that previous versions are still vulnerable to the aforementioned issues and should be updated as soon as possible. This also goes for any software that your company uses that takes advantage of 7zip.

For more information on the latest security vulnerabilities, as well as information on how to protect your organization from potential threats, reach out to us at 603-889-0800.

Related Articles

  • Is It Safe to Have Your Browser Remember Your Passwords? Let’s be honest - not all of us have the best memories. This makes the ability for many browsers to remember our passwords seem like a godsend. However, is this capability actually a good thing for your cybersecurity? The answer may not surprise you. Nope! While yes, the fact that we no longer ha...
  • Tip of the Week: Awareness Is Important When Surfing the Web We all love the Internet. We all use it almost every day. For this week’s tip, we’ll review a few ways to help keep yourself from getting in trouble while browsing. Sacrificing Security for ConvenienceFor starters, most of the threats to be found online are of the sort that can be avoided somewha...
  • Could You Spot a Social Engineering Attack? As invaluable as the security solutions that protect a network are, they can be effectively rendered useless if a cybercriminal is skilled in social engineering. Social engineering is the practice of using manipulation to access protected resources, as we will review later. If your business and its ...
  • Here’s How Companies Struggle with IT Security No business can be successful if it’s constantly suffering from data breaches. Therefore, you should take measures to mitigate the issues caused by these threats before they present themselves. Here are four of the biggest issues your business could face in the field of network security. Password...
  • Help! My Staff Hates My Company’s IT! Fellow business owners, do you ever feel like you need to walk around on eggshells when it comes time to implement a new process or policy with your employees? Does it seem like your staff fights back tooth and nail when there is any technology change or IT restriction? You aren’t alone. More oft...
  • A Brief Overview of Network Security The reliance the modern business has on its IT cannot be understated. As a result, to keep their computing network and infrastructure running efficiently, companies need to have a network and cybersecurity policy in place. With the development and use of organizational computer networks with multipl...
With the surge in the number of small and medium businesses that have fallen prey to malware and cyber criminals, there is a lot of focus of what an organization can do to prevent being a victim and how the company should handle themselves after an attack. There is another key factor to preventing cyber criminals from penetrating into your network:...

- Onsite Service Coverage Area -

Onsite Computer Support Services are available to businesses within 100 miles of Nashua New Hampshire. We have excellent onsite coverage from Concord NH, south through Manchester NH and then down into Boston. From Northern and Central Mass we cover from Worcester, east to the North Shore, including the Salem and Portsmouth NH area.

 

603-889-0800

White Mountain IT Services
33 Main Street Suite 302
Nashua, New Hampshire 03064

 

 padlock1  Cyber Security Toolkit

cloud desktop2 Cloud Desktop Login

Open Positions