PSA: If you use 7-Zip, update it.

Kinsie · Post by **Kinsie** » Thu May 03, 2018 10:57 am

7-Zip Website, So Now You Have No Excuse

7-Zip releases prior to 18.05 (released April 30th) have a security flaw in how they handle RAR files that can potentially lead to arbitrary code execution. Thankfully, there aren't any examples of baddies using this in the wild (yet), but you know the old Benjamin Franklin quote: An ounce of prevention is always better than a pound of having to pay a Bitcoin ransom to decrypt your hard drive. Or something.

Post by **Rachael** » Thu May 03, 2018 10:59 am

Thank you for the heads up.

Bigger C · Post by **Bigger C** » Thu May 03, 2018 3:01 pm

Nice to know they caught it in routine bugtesting rather than an "in the wild" incident!

Post by **Graf Zahl** » Thu May 03, 2018 3:59 pm

What I find a bit troubling about the whole thing is that 7Zip was built without any of the routine safeguards, apparently for some mistaken sense of 'optimization'.

Wiw · Post by **Wiw** » Fri May 04, 2018 9:44 am

Should it have given me a set of options called "CRC SHA"?

Gollgagh · Post by **Gollgagh** » Fri May 04, 2018 10:55 am

Wiw wrote:Should it have given me a set of options called "CRC SHA"?

Those are just checksum tools for sanity checking if a file has been modified. If you don't normally check those, you can take them out of your context menu from the 7-zip program in Tools > Options... > 7-Zip tab > Context menu items: > uncheck "CRC SHA >".

ZDoom