Serious vulnerability in 7-Zip allows remote code execution: are you protected?

  • A serious vulnerability affects versions before 7-Zip 24.07, allowing attackers to execute arbitrary code.
  • The bug is in the Zstandard decompression implementation and causes an integer overflow.
  • Users must update manually to 7-Zip 24.08 to avoid the risk, because the tool has no automatic updates.
  • Opening suspicious files can serve as an attack vector, which underscores the need for caution.

Vulnerability in 7-Zip

A new vulnerability puts the spotlight on 7-Zip, one of the most widely used file compression applications in the world. This software, which has a long track record of reliability across many operating systems, has been found vulnerable to attacks that could compromise personal and corporate devices.

This vulnerability, registered as CVE-2024-11477, affects all versions before 7-Zip 24.07 and allows attackers to execute malicious code. The problem lies in the Zstandard decompression implementation, where improper data validation can lead to an integer overflow, creating a flaw that facilitates unauthorized access to the system.

Technical details behind the vulnerability

The bug lies in the Zstandard decompression library, an important component that is especially popular on Linux systems because it is supported by Btrfs, SquashFS and OpenZFS. Exploitation occurs when files specially crafted to take advantage of this vulnerability are processed. By interacting with these files, an attacker can execute code in the context of the current user, potentially compromising the entire system.

According to reports from Trend Micro Security and the Zero Day Initiative (ZDI), this vulnerability was discovered in June 2024 and received a CVSS score of 7.8, which classifies it as a high-severity threat. Although it requires user interaction, such as opening a file, the risk increases because these files are easy to deliver by email or file sharing.

Impact on users and mitigation measures

The severity of this flaw lies in 7-Zip's large user base, which includes individuals and companies that rely on this tool to handle large volumes of data. Despite the release of a patch in version 24.07 and a subsequent improvement in 24.08, many users are unaware of the issue because 7-Zip has no automatic update mechanism.

Security experts advise manually updating the software to the latest available version to close this vulnerability. In addition, developers responsible for products that integrate 7-Zip into their systems should implement the updated version immediately.

Recommendations to protect yourself

The current situation highlights the importance of taking preventive measures. Here are some practical steps:

  • Update to version 24.08 of 7-Zip from the official website.
  • Avoid opening compressed files from untrusted sources.
  • Remove old versions if they are not strictly needed.
  • Complement your security with good antivirus software to detect possible additional threats, although this point may not be as necessary on Linux.
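
To act on the update and old-version recommendations above, this added example (not from the original article or the 7-Zip project) classifies 7-Zip binaries found on PATH against the version thresholds the article states. The binary names `7z`, `7zz`, `7za` and `7zr` and the banner shapes shown in the comments are assumptions.

```python
import re
import shutil
import subprocess

FIXED = (24, 7)        # per the article: versions before 24.07 are affected
RECOMMENDED = (24, 8)  # per the article: update to 24.08

# Banner shapes handled (constructed samples): "7-Zip 24.08 (x64) : ...",
# "7-Zip (z) 24.08 (x64) : ...", "7-Zip [64] 16.02 : ..."
BANNER_RE = re.compile(r"7-Zip\s+(?:\([a-z]+\)\s+|\[\d+\]\s+)?(\d+)\.(\d+)")

def parse_version(banner):
    """Return (major, minor) from a 7-Zip banner, or None if not found."""
    m = BANNER_RE.search(banner)
    return (int(m.group(1)), int(m.group(2))) if m else None

def classify(banner):
    """Map a banner to 'vulnerable', 'patched', 'recommended' or 'unknown'."""
    version = parse_version(banner)
    if version is None:
        return "unknown"
    if version < FIXED:
        return "vulnerable"
    return "recommended" if version >= RECOMMENDED else "patched"

def check_installed(names=("7z", "7zz", "7za", "7zr")):
    """Run each 7-Zip binary found on PATH and classify its banner."""
    results = {}
    for name in names:
        path = shutil.which(name)
        if not path:
            continue
        try:
            # Invoked without arguments, the CLI prints its banner and usage.
            out = subprocess.run([path], capture_output=True,
                                 text=True, timeout=10).stdout
        except (OSError, subprocess.TimeoutExpired):
            out = ""
        results[path] = classify(out)
    return results

if __name__ == "__main__":
    for path, status in check_installed().items():
        print(f"{path}: {status}")
```

Copies bundled inside other products or installed outside PATH are not found by this check and need a separate inventory.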

In addition, organizations are advised to review their file-handling processes and run awareness campaigns about the risks of handling compressed files.

The 7-Zip vulnerability serves as a reminder of the importance of adopting good cybersecurity practices. From updating applications regularly to being wary of unknown files, small steps can make a difference in protecting your data and devices from cyberattacks.

