Get all your news in one place.
100’s of premium titles.
One app.
Start reading
Tom’s Guide
Tom’s Guide
Technology
Amber Bouman

This popular Windows utility for ZIP files has a dangerous vulnerability

Malware.

Early versions of 7-Zip, a file compression program, are affected by a security flaw with a severity score of 7.8 out of 10.

Disclosed by Trend Micro’s Zero Day Initiative and first discovered by Trend Micro Security researcher Nicholas Zubrisky back in June of this year, the flaw affects all 7-Zip versions prior to 24.07 and allows attackers to execute code on a victim’s machine.

An easy exploit, the threat actors could use any of several attack vectors to exploit a specific flaw in the implementation of the program's Zstandard decompression. The ZDI advisory goes on to explain that the proper validation of user-supplied data can then be leveraged to execute code in the context of the current process.

Basically, this means that although it would likely require victim interaction such as opening a file, the archives could be used to install malware on your PC.

The current version of 7-Zip is 24.08, released on June 19, 2024. However, as the program doesn’t have automatic updates, the app itself and subsequent updates need to be manually installed to protect users.

How to stay safe

So, if you are running 7-Zip and especially a version earlier than 24.07, make sure to manually install the latest update immediately to avoid falling victim to any cyberattacks leveraging these flaws.

As always though, never open any files you didn't ask for, don’t open them when you don't recognize the sender and when you're not sure what they are. To protect yourself further, make sure you’re using the best antivirus software to keep your Windows PC safe from the latest threats.

More from Tom's Guide

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.