Critical vulnerability in popular 7-Zip file archiving software patched

Posted 03 May 2018 05:14 CET by Jan Willem Aldershoff

A new version of the free and open-source file archiver 7-Zip has been released that fixes a critical vulnerability. An attacker could use the vulnerability to take control of the system. All the user had to do was open a specially crafted RAR file.

The issue is more critical because the developer of 7-Zip didn’t use specific security measures that limit the impact of such a vulnerability, such as Address Space Layout Randomization (ASLR). ASLR is meant to make it harder for attackers to abuse vulnerabilities in software.

The security researcher who discovered the vulnerability informed the developer of 7-Zip on the 6th of March this year. Yesterday the issue was patched with the release of 7-Zip 18.05, which not only fixes the vulnerability but also adds the ASLR security measure to the software.

7-Zip is amongst the most popular software on the internet. Between 2002 and 2016, 7-Zip was downloaded 410 million times from the open-source hosting platform SourceForge alone. Softpedia reports nearly 610,000 downloads, and the software has been downloaded more than 10 million times from Download.com.

All users of 7-Zip are advised to update the software to the latest version, which can be downloaded from here.
