this post was submitted on 22 Nov 2024
83 points (100.0% liked)

Cybersecurity

1 readers
9 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Rules

Community Rules

founded 1 year ago
MODERATORS
 

The popular file compression program 7-Zip is currently affected by a high-severity vulnerability.

#vulnerability #cyberattack #CyberSecurity #app

https://cnews.link/7-zip-affected-by-dangerous-vulnerability-1/

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 15 points 2 days ago (4 children)

The app and subsequent updates must be installed manually, as the program doesn’t have automatic updates.

BRB updating 7zip on my Windows partitions real quick. Since apparently automatic updates for 7zip aren't a thing, I bet they've never been updated on my machines ever since initially installing it with Ninite

[–] [email protected] 9 points 2 days ago

To be fair apps checking for updates is a stupid backwards thing from Windows, where you'd install manually random packages from random sources.

Checking for updates is the job of your package manager, and in any reasonable system that should be enough

[–] [email protected] 6 points 2 days ago (1 children)

Use chocolatey. It takes the headache out of a large part of running Windows.

[–] [email protected] 2 points 2 days ago (1 children)

I don't use Windows these days but don't they have winget?

[–] [email protected] 1 points 2 days ago

Some versions of Windows do!

[–] [email protected] 7 points 2 days ago (1 children)

I bet ninite gave you an update when you ran the installer app again.

Otherwise, can I speak to you about our Lord and Savior Chocolatey? choco update should do it (I fumble here - I use a config management app to manage my wife's desktop)

[–] [email protected] 1 points 2 days ago

You're probably wanting choco upgrade 7zip --confirm

[–] [email protected] 3 points 2 days ago* (last edited 2 days ago)

That's only true for Windows.

On most Linux distribution, users would get a notification for the update (7zip et al). And the shutdown confirmation dialog would show a pre-checked "Update and shutdown" option.

Some have auto-update enabled. By the time I go look at my Linux machine, it may already have the fix installed.