application my man. Literally the first paragraph of the article contains:
If a user simply opens a booby-trapped crafted archive (.7z, .zip, .rar, etc) on a machine with at least 16 GB of RAM, they’ll be running malicious code. Extracting the archive isn’t necessary; only opening it is enough. We recommend that everyone immediately update to the latest version, 26.01, published in late April; all previous versions are vulnerable.
…and because i’m sure people still won’t read the article, this also includes countless things that use 7zip libraries to do zipping actions, including things like file browsers, chocolatey and probably other stuff. 7zip is foss and widely used for all kinds of things t hat go beyond consumer gui usage.
Prove_your_argument@piefed.social 19 hours ago
application my man. Literally the first paragraph of the article contains:
Prove_your_argument@piefed.social 19 hours ago
…and because i’m sure people still won’t read the article, this also includes countless things that use 7zip libraries to do zipping actions, including things like file browsers, chocolatey and probably other stuff. 7zip is foss and widely used for all kinds of things t hat go beyond consumer gui usage.
T4V0@lemmy.pt 7 hours ago
More often than not, I don’t read the article due to a lemming summing it up nicely for us in the comments lol.
aeronmelon@lemmy.world 18 hours ago
That’s exactly why I asked for clarification. Is this an issue with their executable or is it their compression code?
I use Keka for macOS, which uses 7zip’s code for handling .7z archives. So I should probably hope for a quick update from them.
4am@lemmy.zip 17 hours ago
You asked if it was the application or the file format.
Sounds like neither, it’s the compression library.
Aria@lemmygrad.ml 11 hours ago
What does it mean to open it in this case?
KeenFlame@feddit.nu 12 hours ago
So the format.
Or did we talk about if just having a file allows remote execution?