Gadget Insiders
  • Android
  • Apple
  • Gaming
  • iOS
  • PC
  • Phones
  • Playstation
  • Reviews
  • Samsung
  • Xbox
No Result
View All Result
  • Android
  • Apple
  • Gaming
  • iOS
  • PC
  • Phones
  • Playstation
  • Reviews
  • Samsung
  • Xbox
No Result
View All Result
Gadget Insiders
No Result
View All Result
Home PC

Alert for All PC Users – How the Latest 7-Zip Update Stops Hackers in Their Tracks

Prashant Chaudhary by Prashant Chaudhary
January 23, 2025
in PC, News
Reading Time: 2 mins read
0
Alert for All PC Users How the Latest 7-Zip Update Stops Hackers in Their Tracks

Alert for All PC Users: How the Latest 7-Zip Update Stops Hackers in Their TracksIn a significant development aimed at bolstering cybersecurity, the popular file archiver 7-Zip has released an urgent update to fix a high-severity vulnerability. This flaw previously allowed attackers to bypass Windows’ Mark of the Web (MotW) security warnings, posing a severe risk to users by enabling the execution of malicious code through nested archives.

Alert for All PC Users How the Latest 7-Zip Update Stops Hackers in Their Tracks-
7-Zip update enhances user security

Understanding the Mark of the Web (MotW) Feature

Introduced in version 22.00 of 7-Zip in June 2022, the MotW feature is crucial for enhancing the security protocols on Windows operating systems. By marking files extracted from downloaded archives with a ‘Zone.Id’ alternate data stream, it signals to the system and applications like web browsers that these files originate from potentially untrusted sources. Such a precaution prompts users with a warning when they attempt to open these files, helping to prevent unwanted installations or the execution of harmful malware.

Insights into the Vulnerability and Its Implications

The vulnerability, identified as CVE-2025-0411, was highlighted in a recent advisory by Trend Micro. According to their findings, this flaw stemmed from an oversight where 7-Zip failed to transfer the MotW tag to files extracted from a nested archived structure. This lapse meant that even files with malicious intent could bypass security alerts, thus not triggering the expected warnings when such files were accessed.

“The specific flaw exists within the handling of archived files,” Trend Micro reported. “An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user.”

Alert for All PC Users How the Latest 7-Zip Update Stops Hackers in Their Tracks--
Patch fixes critical security flaw

Prompt Response and Patch Release

Acknowledging the gravity of this issue, 7-Zip’s developer, Igor Pavlov, acted swiftly to address the security gap, releasing an update on November 30, 2024. The updated version, 7-Zip 24.09, ensures that the Zone.Identifier stream is consistently applied to files extracted from any form of nested archives.

Alert for All PC Users How the Latest 7-Zip Update Stops Hackers in Their Tracks-----
Update now to prevent hacking

The Ongoing Risk and Call to Action for Users

Despite the availability of the patch, a significant concern remains as 7-Zip does not feature an auto-update function. Consequently, many users may still be operating an outdated, vulnerable version of the software. It is crucial for all 7-Zip users to manually update their software to prevent potential exploits by cybercriminals who are quick to leverage such vulnerabilities for malicious purposes.

Alert for All PC Users How the Latest 7-Zip Update Stops Hackers in Their Tracks---
Urgent action is required for 7-Zip

Recent Exploits and the Broader Impact

This incident is not isolated. Similar MotW bypass vulnerabilities have been exploited in the past. For instance, Microsoft patched a MotW security flaw in June that was exploited by the DarkGate malware operators. Additionally, the Water Hydra hacking group has been active, utilizing a similar bypass in their targeted attacks on financial platforms.

Alert for All PC Users How the Latest 7-Zip Update Stops Hackers in Their Tracks----
Secure your PC against malware

Final Thoughts

The urgency with which users need to update their 7-Zip software cannot be overstated. Staying vigilant and ensuring that all software is up-to-date are fundamental steps in safeguarding personal and organizational data from sophisticated cyber threats.

Tags: 7-ZipCybersecurityMalware ProtectionSoftware UpdateTech SafetyVulnerability PatchWindows Security

TRENDING

GitHub Launches New AI Agent to Fix Bugs, Add Features, and Revolutionize Coding for Developers---

GitHub Launches New AI Agent to Fix Bugs, Add Features, and Revolutionize Coding for Developers

May 23, 2025
Apple Delays Major AirPods Updates Until 2026, No New AirPods Pro in 2025

Apple Delays Major AirPods Updates Until 2026, No New AirPods Pro in 2025

May 23, 2025
Apple to Let EU Users Switch from Siri to Google Assistant or AlexaApple to Let EU Users Switch from Siri to Google Assistant or Alexa

Apple to Let EU Users Switch from Siri to Google Assistant or Alexa

May 23, 2025
Take-Two CEO Confirms Short Delay for GTA 6, No Further Postponements Expected

Take-Two CEO Confirms Short Delay for GTA 6, No Further Postponements Expected

May 23, 2025
Bluesky Tests New 'Live' Feature to Link Sports and Livestreams Directly from Profiles

Bluesky Tests New ‘Live’ Feature to Link Sports and Livestreams Directly from Profiles

May 23, 2025
iPhone 17 Air Leaked Battery and Weight Details Spark Excitement Ahead of Launch

iPhone 17 Air – Leaked Battery and Weight Details Spark Excitement Ahead of Launch

May 23, 2025
Qualcomm Snapdragon 8 Elite 2: What to Expect from the 2025 Flagship SoC

Qualcomm Snapdragon 8 Elite 2 – What to Expect from the 2025 Flagship SoC

May 23, 2025
Epic Games Takes Apple to Court to Bring Fortnite Back to iOS Store

Epic Games Takes Apple to Court to Bring Fortnite Back to iOS Store

May 23, 2025
  • Contact Us
  • Terms
  • Privacy
  • Copyright
  • About Us
  • Fact Checking Policy
  • Corrections Policy
  • Ethics Policy

Copyright © 2023 GadgetInsiders.com

No Result
View All Result
  • Android
  • Apple
  • Gaming
  • iOS
  • PC
  • Phones
  • Playstation
  • Reviews
  • Samsung
  • Xbox

Copyright © 2023 GadgetInsiders.com.