Researchers have found serious flaws in 7-Zip, an open-source compression tool that is used in many products, including antivirus software and security appliances. 7-Zip is known for its high compression ratio and its ability to handle a large number of archive formats. The vulnerabilities in 7-Zip are caused by a lack of proper validation of input data. A security expert from Tripwire comments on this research below.
Craig Young, Cybersecurity Researcher for Tripwire:
“It is important for users to exercise caution when extracting files from untrusted sources using 7-zip. Earlier this year I did my own research on 7-zip and found that the wide range of supported file formats creates a very large attack surface. With less than an hour of fuzzing the 7z extractor late last year, I also found several exploitable memory corruption bugs. The best advice for anyone downloading content and extracting it with 7z is to perform file extractions within an immutable virtual machine.”