Security Vulnerability Found In 7-Zip, Update Now

toggle-button

7ZipA security vulnerability has been found in the popular file compression program 7-Zip, update your version now.

A vulnerability that can allow arbitrary code execution has been found in in 7-Zip that effects all 7-Zip versions prior to the 18.05 release of the program.

There aren't any reports of this vulnerability being exploited in the wild, so most users right now are at low risk, but if you use 7-Zip, grab the newest version and install it now.

Download 7-Zip
 

(h/t PC Gamer)

You can find more Tech Treats here.

 

Please rate this article: 

Your rating: None
4.545455
Average: 4.5 (22 votes)
toggle-button

Comments

My apologies if this is a silly question but does the security vulnerability apply to the portable version

There are no silly or stupid questions as far as I'm concerned. :)

I was wondering that myself, but I haven't found a definitive answer, other than the vulnerability impacts "all versions".
The vulnerability hasn't been found in the wild, no users have been impacted and it was patched immediately.

Mahalo (thanks Hawaiian style). Guess it's best to refrain from using portable version for now ;-)

You're welcome.
All versions have been updated, and there were no users impacted - it was discovered, patched and an update released before it was widely known.
As long as you're using the latest version, you should be fine, portable version included. :)

Thanks

You're welcome, glad to be of some help.

Thanks for the heads up! This site is one of the first places I check each morning for interesting and valuable information, both in the articles and in the comments (thanks, "Australia").

You're welcome. I may be a wee bit biased, but the comments here are awesome and I always read them too.

Does this mean that even if I update my version of 7zip, and someone uses an old compromised version to send me a file, when I use my clean version to unzip the file my computer will be infected? Obviously I will be relying upon my antivirus software to protect me, but nothing is 100% secure.

As I understand it, the security flaw creates a vulnerability in a PC, not in the zip files themselves. The security flaw "could install programs on your PC, view, edit, or delete data, or create new user accounts with full access rights".

As long as you are using the newest version you should be ok.

Thanks Rhiannon for your very quick reassurance. I've updated to the latest version. This is the sort of threat that wouldn't normally be picked up by my antivirus until infection had happened. Always good to be able to prevent nasty things from occurring.

You're more than welcome. :)

All good points. I would also add that performing a regular disk image with files and backing up files like Documents when needed is a good thing. Mobile users have backup options as well.

The link for safe download sites is here:
Best Windows Freeware/Shareware Download Sites | Gizmo's Freeware

This looks like the way of the future.
That is, all our freeware programs (and all programs for that matter) will be exploited if possible

Best you have:
1)A good firewall, that informs you every time a program is trying to connect to the internet
2)A good program uninstaller, that you use whenever you install a program, so you can wipe off all traces of old programs
3)A good registry back up program, so if you are infected you can go back to a date when your computer was clean
4)Always choose the "portable" version of software if you have a choice. These are much easier uninstalled without leaving any leftover files on your computer, and they can be returned to if the latest version of your favourite program turns out to be a dud, or disruptive to your computer

Best you only download freeware from reputable sites
Note that there are reputable sites, and others download sites that are not safe
For the reputable sites, TechSupportAlert can put you in the right direction
(Google "Best Windows Freeware/Shareware Download Sites" to find the correct TechSupportAlert webpage)

Regularly check your favourite freeware site for your favourite programs to see if they have been upgraded to a new version. If there are enough benefits to upgrade to the new version, do so, but always first check that the new version isnt a dud (which sometimes happens when companies update software for the wrong reasons).