New 7-Zip high-severity vulnerabilities expose systems to remote attackers — users should update to version 25 ASAP
https://www.tomshardware.com/tech-industry/cyber-security/7-zip-flaws-open-door-to-remote-code-execution
One of the big issues with 7-Zip is that it only really updates manually. There is literally no update functionality baked in, at least in the version I've been running.
Good, that's what package managers are for.
If only Windows had package managers for the 100 million machines with 7zip out there
winget is actually smart enough to manage stuff installed outside of it, but that still requires users to actually use winget to begin with.
Winget, Chocolatey, Scoop, VU, Cargo. I could go on...
Can't you not use those unless you have admin rights on your PC, which the vast majority of corporations (rightly) don't give?
Right, it's the end user's responsibility to update software in a corporate environment, is it?
Scoop, by default, deploys in ~\Scoop, and works in 95% of cases with a regular user.
Then the corporations are the ones on the hook to update it. shrug
Winget exists, but I believe it has to be manually set up, and manually used.
It's been a while since I used Windows in general, so my knowledge is a bit outdated/rusty.
Manually triggered, yes. Manually set up, no - it’s already a part of Winblows 11.
I like https://ruckzuck.tools/
It has a section for updating and then a section for exploring for new programs that's relatively sanely sorted.
Wonderful
Just ~~run apt update && apt upgrade~~ redownload from the website and rerun the installer.
I'm happy to do that, but without any update notification a new update will likely go unnoticed for some time.
That's why I use NanaZip instead. It's a fork of 7-Zip that has been modernized.
If you updated at some point since July 5th you already have the update.
Ah thanks, I thought I remembered there being a big vulnerability earlier this year and I updated all my machines then
Dawg why is an offline program vulnerable to internet attacks :(
I’m curious as to how this works
Because said offline program is used to open malicious archive files from the internet.