7-Zip has Dangerous Vulnerabilities which can allow attackers to compromise systems. Update immediately. MalwareBytes uses 7-Zip which makes it vulnerable. Many other products besides MalwareBytes use 7-Zip.
It is a compression utility. It runs standalone or as part of other programs like MalwareBytes. Programs that use 7-Zip are vulnerable, including MalwareBytes and many others. 7-Zip version 16.00 has been fixed. All products that use 7-Zip need to rebuild their apps.
I have used 7-zip for years, no problems. The latest version is stable and has no known vulnerabilities.
"Sadly, many security vulnerabilities arise from applications which fail to properly validate their input data. Both of these 7-Zip vulnerabilities resulted from flawed input validation. Because data can come from a potentially untrusted source, data input validation is of critical importance to all applications’ security. Talos has worked with 7-Zip to responsibly disclose, and then patch these vulnerabilities. Users are urged to update their vulnerable versions of 7-Zip to the latest revision, version 16.00, as soon as possible."
Cisco Talos Blog: Multiple 7-Zip Vulnerabilities Discovered by Talos
The flaws were fixed in 7-Zip 16.00. Versions prior to 16.00 are vulnerable according to reports. All products that use 7-Zip need to rebuild their apps, otherwise they will be vulnerable.
Not likely to find many developers around these parts. DOWNLOAD 7-ZIP here: 7-Zip (and never anywhere else)
Some monkeys are developers.
This affects all users of 7-Zip and users of programs that use 7-Zip like MalwareBytes, FireEye and many more. Ironically, MalwareBytes and FireEye are security programs. 7-Zip is used to create self-extracting executable files. Millions or billions of users are potentially affected.
It's not that serious.
UDF Issue (CVE-2016-2335):
Fix Version: 16.00
Vulnerable versions: 9.20 (confirmed) through 15.14
Also, versions 4.59 beta and later might be affected, as the UDF support had been introduced with that version (according to the change history at: http://www.7-zip.org/history.txt)
HFS Issue (CVE-2016-2334):
Fix Version: 16.00
Vulnerable versions: 9.32 (assumed) through 15.14
HFS support is available since version 4.59 beta. However, version 9.20 still does not include the vulnerable code, so I assume that the vulnerability had been introduced with 9.32 (according to the change history at: http://www.7-zip.org/history.txt, which says: "... HFS, ... support was improved.")
I was running an older version (9.2) which did not include the vulnerable HFS code. But, for folks who were using the latest prior to the 16.0 release, updating is a good idea just to be safe. Most users will not even come into a situation where they are packaging or unpacking a UDF archive, but I know how geeks like to get all antsy over security...
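Added example, not part of the thread: a small Python check that maps an inventory of 7-Zip version strings onto the per-CVE ranges quoted above, keeping the "confirmed", "assumed" and "might be affected" distinctions. The function names, status labels and the sample inventory are constructed for illustration; reading a one-digit minor such as "9.2" as "9.20", and treating every release between 15.14 and 16.00 as unfixed, are assumptions.

```python
import re

FIXED = (16, 0)  # fix version for both CVEs, as quoted in the thread

def parse_version(text):
    """Parse '9.20', '15.14' or '4.59 beta' into a comparable (major, minor) tuple."""
    m = re.match(r"\s*(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised 7-Zip version: {text!r}")
    # Assumption: 7-Zip minors are two digits, so '9.2' is read as '9.20'.
    return int(m.group(1)), int(m.group(2).ljust(2, "0"))

def classify(text):
    """Return the status of each CVE for one version string."""
    v = parse_version(text)
    if v >= FIXED:
        return {"CVE-2016-2335": "fixed", "CVE-2016-2334": "fixed"}
    # UDF: support introduced in 4.59 beta, confirmed vulnerable from 9.20.
    if v < (4, 59):
        udf = "not affected"
    elif v < (9, 20):
        udf = "might be affected"
    else:
        udf = "vulnerable (confirmed)"
    # HFS: 9.20 lacks the vulnerable code; 9.32 is the assumed starting point.
    if v <= (9, 20):
        hfs = "not affected"
    elif v < (9, 32):
        hfs = "undetermined"
    else:
        hfs = "vulnerable (assumed)"
    return {"CVE-2016-2335": udf, "CVE-2016-2334": hfs}

def needs_update(inventory):
    """Names of inventory entries with any status other than fixed or not affected."""
    safe = {"fixed", "not affected"}
    return sorted(name for name, ver in inventory.items()
                  if set(classify(ver).values()) - safe)

# Constructed sample inventory: host or bundled-product name -> reported version.
SAMPLE = {"ws-01": "16.00", "ws-02": "15.14", "build-srv": "9.2",
          "legacy-kiosk": "4.57", "vendor-bundle": "9.22 beta"}

if __name__ == "__main__":
    for name, ver in SAMPLE.items():
        print(name, ver, classify(ver))
    print("update:", needs_update(SAMPLE))
```

Bundled copies inside other products report their own 7-Zip version only if the vendor exposes it, so the inventory values here would come from file version metadata or vendor documentation.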