Login | Register 
Contact us today!
866-348-2602

Total Tech Care Blog

Total Tech Care has been serving Florida since 2001, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.
Font size: +
Subscribe to this blog post
Print

Alert: 7-Zip Software Can Leave Your System Vulnerable

Total Tech Care Blog
0 Comments
Alert: 7-Zip Software Can Leave Your System Vulnerable

Software vulnerabilities can cause major issues for individuals and businesses. Cisco’s Talos Security Intelligence and Research Group, which is designed as an organization to “protect consumers from known and emerging threats,” has found such a vulnerability with 7zip.

The 7zip software is an open-sourced file archiver and decompressor, and has many software developers scrambling to patch their products. Since 7zip is freeware, it is naturally used in the development of other applications’ code; and that is making this particular vulnerability more than your run-of-the-mill code malfunction. Currently there are two discovered vulnerabilities with the software. ZDNet explains the issues in stark detail:

  • “The first vulnerability, CVE-2016-2335, is an out-of-bounds security flaw caused by the way 7zip handles Universal Disk Format (UDF) files. When partition maps are scanned to find objects within the file system, there is a lack of proper checking which can cause a read-out-of-bounds problem. If exploited, cyberattackers could use the vulnerability to execute code remotely.”
  • “The second security flaw, CVE-2016-2234 , is an exploitable heap overflow vulnerability found within the Archive::NHfs::CHandler::ExtractZlibFile method functionality of 7zip. In the software's HFS+ system, files can be stored in a compressed format using zlib, and depending on the size of the data, this information may be stored in blocks.”

In layman’s terms, the vulnerabilities affected the way that many programs utilizing 7zip function. In particular, software programs like antivirus solutions are affected. The vulnerabilities change the way that files are compressed and decrypted; and, since the 7zip code was used as a part of so many other pieces of software, the opportunities are real and prevalent. While this vulnerability may not present network administrators with as much fear as 2014’s Heartbleed vulnerability, the potential for data and network breaches is concerning.

Working with Talos, the 7zip developers have patched the problems, with their latest offering, 7zip v. 16.00, being free of these vulnerabilities. Any other version of the software needs to be updated immediately to ensure that users are not subject to data breaches as a result of this vulnerability. Any other software that has the 7zip code needs to be patched as well.

For more information on the latest security vulnerabilities, as well as information on how to protect your organization from potential threats, call us today at 866-348-2602.

Tweet
Tags:
Security Software Alert
 

Comments

No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Friday, 24 January 2025
If you'd like to register, please fill in the username, password and name fields.

Blog Categories

Blog Archive

Sign Up for Our Newsletter

  • First Name *
  • Last Name *

      Free Consultation

      Sign up today for a
      FREE Network Consultation

      How secure is your IT infrastructure?
      Let us evaluate it for free!

      Sign up Now!

      Free Consultation
       

      Tag Cloud

      Security Tip of the Week Technology Best Practices Business Computing Cloud Privacy Hackers Productivity Hosted Solutions Efficiency Software Network Security Business Google Microsoft Internet Email Malware Backup Workplace Tips Innovation Data User Tips Computer Mobile Devices Hardware IT Services Disaster Recovery Android VoIP communications Business Continuity Smartphones Communication IT Support Smartphone Miscellaneous Mobile Device Small Business Network Browser Productivity Collaboration Quick Tips Cybersecurity Users Business Management Managed IT Services Upgrade Phishing Windows Outsourced IT Data Backup Ransomware Windows 10 Office Data Recovery Server Save Money Cloud Computing Windows 10 Passwords Virtualization Saving Money Holiday Gadgets Social Media Chrome Tech Term Managed IT Services Automation Managed Service Microsoft Office Computers Facebook Artificial Intelligence Operating System Cybercrime BYOD Mobile Device Management Internet of Things Networking IT Support Wi-Fi Hacking Health Spam Covid-19 Office 365 Telephone Systems Information Technology Alert Managed Service Provider Information Remote Router Bandwidth BDR Recovery Employer-Employee Relationship Social Engineering Mobility Encryption Remote Monitoring Applications Data Breach Mobile Computing Application App Law Enforcement History Big Data Human Resources Password Money Mobile Office Government Office Tips Training Private Cloud Blockchain How To Paperless Office VPN Managed IT Apps Data Storage Patch Management Remote Computing Marketing HaaS WiFi Google Drive Servers IT solutions Entertainment Website Budget Avoiding Downtime Data Security Wireless Gmail Settings Bring Your Own Device Data Management Work/Life Balance Two-factor Authentication Infrastructure Vulnerability Voice over Internet Protocol Windows 7 Flexibility Word Mouse Education Physical Security Safety User Error Vendor Managed Services Meetings HIPAA Sports Vendor Management Redundancy Display Data Protection Keyboard USB Risk Management Employee/Employer Relationship Hacker RMM The Internet of Things Lithium-ion battery Save Time Telephone System Staff Software as a Service Machine Learning Remote Work Firewall Connectivity Cleaning Virtual Reality Conferencing Apple End of Support Scam Social IT Management Fraud Managed Services Provider Internet Exlporer Remote Worker Botnet IT Plan Database Cryptocurrency Printer PDF Wearable Technology Remote Workers Bluetooth Unsupported Software Hard Drives Retail Proactive IT Processor Instant Messaging Charger Robot Excel Comparison Best Practice YouTube Hard Drive Biometrics CES Compliance Computer Care Black Market Virtual Desktop IT Consultant OneNote Current Events Business Technology Telephony Content Management Samsung DDoS Computing Access Control Humor Document Management Wireless Technology SharePoint Virtual Assistant Solid State Drive How to Value Downtime Authentication Spam Blocking Electronic Medical Records Data storage Customer Service Digital Signage Environment Automobile Update Hiring/Firing Fax Server Computing Infrastructure Going Green Procurement Google Docs Identity Theft Workplace Strategy SaaS Net Neutrality Virus Help Desk Battery Unified Threat Management Printing Business Intelligence Network Congestion Computer Accessories Shadow IT eWaste Augmented Reality Audit Legal Worker Cryptomining Tablets Public Computer Point of Sale Search Engine Personal Twitter Supply Chain Management NIST Regulations Entrepreneur Business Mangement Politics Cameras Advertising Transportation Rootkit Monitoring Batteries Smart Tech Computer Fan Trending Amazon Windows 8.1 Notifications Digitize Shortcut Addiction Windows Server 2008 R2 Cost Management Recycling Workers Benefits Customer relationships Wiring Social Networking Practices FENG Manufacturing Amazon Web Services IBM Relocation Email Best Practices IT Assessment Cache Safe Mode Flash Criminal Printer Server Smart Technology Video Games Computer Tips Running Cable GDPR Managed IT Service Hosted Computing Security Cameras Software Tips Biometric Security Memory Online Shopping Worker Commute Supercomputer Virtual CIO OneDrive Wireless Internet Peripheral File Sharing Sync Experience Emails Scalability Digital Security Cameras Camera Using Data Inventory Specifications Wire 5G Evernote Business Owner Copiers NarrowBand Quick Tip Netflix Travel Two Factor Authentication Millennials Search Ergonomics Printers Root Cause Analysis Smartwatch Science Smart Office HBO OLED Wireless Charging Knowledge iPhone Music Development PCI DSS Skype Virtual Machine Workforce 2FA Distributed Denial of Service Virtual Private Network Fiber Optics Customer Relationship Management Data loss Employee Outlook Cabling Analyitcs Consultant Cables Leadership Files Troubleshooting Messaging Chromecast Policy Start Menu Hypervisor Programming Analytics Telecommuting Loyalty Dark mode Project Management Trend Micro Nanotechnology Screen Mirroring Frequently Asked Questions Default App Best Available Cortana Colocation Books Uninterrupted Power Supply SMS Procedure Antivirus Mobile Saving Time WIndows 7 Digital Signature Windows 10s Monitor dark theme Warranty Shopping Cast Google Search Windows 8 IT service HVAC Tip of the week IT Infrastructure Google Apps webinar Emergency AI FinTech Professional Services Analysis Public Cloud Bing Employer Employee Relationship Tablet Assessment Reputation Administrator Streaming Media Social Network Devices Domains Enterprise Content Management Windows Server 2008 Investment Content Tech Support Windows Media Player Laptop Employees MSP Tools Employee/Employer Relationships User Accountants PowerPoint Techology ISP Credit Cards Television Customers Windows 365 IaaS Microchip Maintenance Thought Leadership Video Conferencing Password Management ROI Bloatware Password Manager Audiobook Touchpad Sales Bitcoin Managing Stress Shortcuts Multi-Factor Security

      Top Blog

      Taking a Vacation From Your Technology While On Vacation Can Actually Make Things Worse
      The reasoning for this is simple: you want to make sure that operations are proceeding as intended, even if you’re not there. If you completely check out from the workplace every time you leave, you could return from your vacation to a complete and total disaster that may have been prevented with y...
      Read More
      QR-Code