Researchers have found some serious flaws in 7-Zip, an open-source compression tool used in many products, including antivirus products and security appliances. 7-Zip is known for its high compression ratio and its ability to handle a large number of archive formats. The vulnerabilities in 7-Zip are caused by a lack of proper validation of input data. Here to comment on this research is a security expert from Tripwire.
Craig Young, Cybersecurity Researcher for Tripwire:
“It is important for users to exercise caution when extracting files from untrusted sources using 7-zip. Earlier this year I did my own research on 7-zip and found that the wide range of supported file formats creates a very large attack surface. With less than an hour of fuzzing the 7z extractor late last year, I also found several exploitable memory corruption bugs. The best advice for anyone downloading content and extracting it with 7z is to perform file extractions within an immutable virtual machine.”