7-Zip Website, So Now You Have No Excuse
7-Zip releases prior to 18.05 (released April 30th) have a security flaw in how they handle RAR files that can potentially lead to arbitrary code execution. Thankfully, there aren't any examples of baddies using this in the wild (yet), but you know the old Benjamin Franklin quote: An ounce of prevention is always better than a pound of having to pay a Bitcoin ransom to decrypt your hard drive. Or something.
PSA: If you use 7-Zip, update it.
Re: PSA: If you use 7-Zip, update it.
Thank you for the heads up.
Re: PSA: If you use 7-Zip, update it.
Nice to know they caught it in routine bugtesting rather than an "in the wild" incident!
- Graf Zahl
- Lead GZDoom+Raze Developer
- Posts: 49073
- Joined: Sat Jul 19, 2003 10:19 am
- Location: Germany
Re: PSA: If you use 7-Zip, update it.
What I find a bit troubling about the whole thing is that 7Zip was built without any of the routine safeguards, apparently for some mistaken sense of 'optimization'.
- Wiw
- Posts: 766
- Joined: Thu Jun 11, 2015 1:58 am
- Graphics Processor: nVidia with Vulkan support
- Location: Everywhere and nowhere.
Re: PSA: If you use 7-Zip, update it.
Should it have given me a set of options called "CRC SHA"?
Re: PSA: If you use 7-Zip, update it.
Those are just checksum tools for sanity checking if a file has been modified. If you don't normally check those, you can take them out of your context menu from the 7-zip program in Tools > Options... > 7-Zip tab > Context menu items: > uncheck "CRC SHA >".Wiw wrote:Should it have given me a set of options called "CRC SHA"?