
7-Zip Flaw Exposes Systems to Remote Code Exploits

  • Last updated November 25, 2024

New York, November 25, 2024 – A major 7-Zip flaw allows remote attackers to execute malicious code. Update to version 24.07 immediately to protect against exploitation.

A critical vulnerability in 7-Zip, the widely used file compression utility, is sending shockwaves through the cybersecurity community. Identified as CVE-2024-11477, the flaw enables remote attackers to execute malicious code on targeted systems by exploiting specially crafted archives.

The vulnerability’s high CVSS score of 7.8 underscores the severe risk it poses to millions of users worldwide. The issue lies within the Zstandard decompression implementation, where improper validation of user-supplied data leads to memory corruption. Cybersecurity expert Nicholas Zubrisky from Trend Micro warns:

With the Zstandard format prevalent in Linux environments, the vulnerability poses a particular risk to systems using Btrfs, SquashFS, and OpenZFS file systems. Victims could face unauthorized data access or system hijacking, with attackers potentially gaining the same access rights as logged-in users.

To mitigate this threat, 7-Zip has released version 24.07, which resolves the vulnerability. However, as 7-Zip lacks an automatic update feature, users must manually download the patched version.
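Because there is no auto-update, installed copies have to be found and checked by hand or by script. The following is an added example, not code from the article or the 7-Zip project: it parses the version banner that 7-Zip console binaries print and flags anything older than 24.07. The banner shapes, the binary names `7z`/`7zz`/`7za`, and the sample lines are assumptions constructed for illustration.

```python
import re
import shutil
import subprocess

FIXED = (24, 7)  # 24.07, the release the article says resolves CVE-2024-11477

# Assumed banner shapes (constructed from typical 7-Zip console output):
#   "7-Zip 23.01 (x64) : ...", "7-Zip (z) 24.07 (x64) : ...", "7-Zip [64] 16.02 : ..."
BANNER_RE = re.compile(r"7-Zip(?:\s+(?:\([a-z]\)|\[\d+\]))*\s+(\d+)\.(\d+)")


def parse_version(banner):
    """Return (major, minor) from a 7-Zip banner, or None if not recognised."""
    m = BANNER_RE.search(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None


def assess(banner):
    """Classify a banner as 'patched', 'update-required' or 'unknown'."""
    version = parse_version(banner)
    if version is None:
        return "unknown"  # never report an unparsed banner as safe
    # Everything older than 24.07 is flagged, following the article's advice;
    # the article does not say which older releases are actually affected.
    return "patched" if version >= FIXED else "update-required"


def local_banner(names=("7z", "7zz", "7za")):
    """Run the first 7-Zip binary found on PATH (no arguments) and return its output."""
    for name in names:
        path = shutil.which(name)
        if not path:
            continue
        try:
            proc = subprocess.run([path], capture_output=True, text=True, timeout=10)
        except (OSError, subprocess.TimeoutExpired):
            continue
        return path, proc.stdout
    return None, ""


# Constructed sample banners, e.g. collected from several hosts.
SAMPLES = ["7-Zip 23.01 (x64) : Copyright (c) 1999-2023 Igor Pavlov : 2023-06-20",
           "7-Zip (z) 24.07 (x64) : Copyright (c) 1999-2024 Igor Pavlov : 2024-06-19",
           "7-Zip [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21"]

if __name__ == "__main__":
    for line in SAMPLES:
        print(assess(line), "<-", line)
    path, banner = local_banner()
    print(path or "no 7-Zip binary on PATH", assess(banner) if path else "")
```
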

Discovered in June 2024 and publicly disclosed on November 20, this flaw highlights the ongoing challenges of application security. Security experts emphasize the importance of rigorous input validation, especially when dealing with untrusted data.

Organizations and individuals relying on 7-Zip are strongly advised to update their software immediately.

