Early versions of 7-Zip, a file compression program, are affected by a security flaw with a severity score of 7.8 out of 10.
Disclosed by Trend Micro’s Zero Day Initiative and first discovered by Trend Micro Security researcher Nicholas Zubrisky back in June of this year, the flaw affects all 7-Zip versions prior to 24.07 and allows attackers to execute code on a victim’s machine.
An easy exploit, the threat actors could use any of several attack vectors to exploit a specific flaw in the implementation of the program's Zstandard decompression. The ZDI advisory goes on to explain that the proper validation of user-supplied data can then be leveraged to execute code in the context of the current process.
Basically, this means that although it would likely require victim interaction such as opening a file, the archives could be used to install malware on your PC.
The current version of 7-Zip is 24.08, released on June 19, 2024. However, as the program doesn’t have automatic updates, the app itself and subsequent updates need to be manually installed to protect users.
How to stay safe
So, if you are running 7-Zip and especially a version earlier than 24.07, make sure to manually install the latest update immediately to avoid falling victim to any cyberattacks leveraging these flaws.
As always though, never open any files you didn't ask for, don’t open them when you don't recognize the sender and when you're not sure what they are. To protect yourself further, make sure you’re using the best antivirus software to keep your Windows PC safe from the latest threats.
More from Tom's Guide
- ExpressVPN steps up its game with new Credit Scanner tool
- Is VPN by Google coming to Pixel Tablet?
- Microsoft is changing the way admin privileges work in Windows - here's why
English (US) ·