🚨 SECURITY PSA - 7ZIP VULN🚨
Update your 7zip, folks
https://cybersecuritynews.com/7-zip-vulnerability-arbitrary-code/
#cybersecurity #zeroday #7zip #malware #security #it #infosec
=> More informations about this toot | More toots from neatchee@urusai.social
@neatchee again?!
=> More informations about this toot | More toots from arichtman@eigenmagic.net
@arichtman @neatchee no. This was proven to be false. there's a whole conversation about it on Mastodon. https://infosec.exchange/@obivan/113741898038858268
=> More informations about this toot | More toots from screaminggoat@infosec.exchange
@screaminggoat @arichtman ah interesting. I'll update the link to point at the actual CVE
=> More informations about this toot | More toots from neatchee@urusai.social
@neatchee oh this is the one from last month. My mistake. That one is legit: CVE-2024-11477 (7.8 high)
There was some controversy this morning when someone dropped an alleged zero-day poc exploit.
=> More informations about this toot | More toots from screaminggoat@infosec.exchange
@screaminggoat heh yeah, that was supposedly utilizing this CVE which is what led me to it.
I would normally hold off on posting something this old but 7z has no self-update mechanism so people tend to run old versions :/
=> More informations about this toot | More toots from neatchee@urusai.social
@arichtman nah, this is the one from last month, but since 7z doesn't self-update I figure I'd do my part in getting people to grab the latest version
=> More informations about this toot | More toots from neatchee@urusai.social
@neatchee it's a fake proof of concept https://therecord.media/fake-zero-day-7Zip
=> More informations about this toot | More toots from screaminggoat@infosec.exchange