The Center for Internet Security (CIS) has found a serious 7Zip security vulnerability. It lets attackers use what is called “arbitrary code execution.” Fortunately, there’s an easy fix.
7Zip Security Hole
7Zip is an open-source file archiver, and lets you compress and extract file archives. Arbitrary code execution means that an attacker could install apps on your PC, view/edit/delete data, or create new user accounts with full administrative access.
Mac users aren’t affected because 7Zip is only available for Windows. All versions of 7Zip before version 18.05 have been affected. There is a high risk to anyone that uses the software, whether you’re a government, big/small business, or home user.
The fix is really easy though: just download the latest version of 7Zip, which as of this writing is 18.05.