Una sabon rauni yana sanya 7-Zip a cikin haske, ɗaya daga cikin aikace-aikacen damfara fayilolin da aka fi amfani da su a duk duniya. Wannan software, tare da dogon tarihin dogara ga tsarin aiki da yawa, an gano shi a matsayin mai rauni ga hare-haren da zai iya lalata na'urorin sirri da na kamfanoni.
Wannan rauni, rajista kamar yadda CVE-2024-11477, yana rinjayar duk nau'ikan kafin 7-Zip 24.07 kuma yana bawa maharan damar aiwatar da muggan code. Matsalar ta ta'allaka ne a cikin tsarin lalata Zstandard, inda ingantattun bayanai na iya haifar da zubewar lamba, haifar da keta wanda ke sauƙaƙe shiga tsarin mara izini.
Hanyoyin fasaha a bayan rashin lafiyar
Kwaron yana cikin ɗakin karatu na lalatawar Zstandard, wani muhimmin sashi wanda ya shahara musamman akan tsarin Linux kamar yadda ya dace da Btrfs, SquashFS da OpenZFS. Amfani yana faruwa lokacin da aka sarrafa fayiloli na musamman don cin gajiyar wannan rauni. Ta hanyar mu'amala da waɗannan fayilolin, maharin na iya aiwatar da lamba a cikin mahallin mai amfani na yanzu, mai yuwuwar lalata dukkan tsarin.
Dangane da rahotanni daga Trend Micro Security da Zero Day Initiative (ZDI), an gano wannan raunin a watan Yuni 2024 kuma ya sami maki 7.8 na CVSS, yana rarraba shi a matsayin babban barazana. Ko da yake yana buƙatar hulɗar mai amfani, kamar buɗe fayil, haɗarin haɓaka yana zuwa daga sauƙi zuwa waɗannan fayiloli ta hanyar imel ko raba fayil.
Tasiri kan masu amfani da matakan ragewa
Tsananin wannan gazawar yana cikin babban tushen mai amfani na 7-Zip, wanda ya haɗa da daidaikun mutane da kamfanoni waɗanda suka dogara da wannan kayan aiki don sarrafa manyan kundin bayanai. Duk da fitar da faci a cikin sigar 24.07 da kuma ci gaba mai zuwa a 24.08, yawancin masu amfani ba su san batun ba saboda rashin tsarin sabuntawa ta atomatik a cikin 7-Zip.
Masana harkokin tsaro sun ba da shawara Ɗaukaka software da hannu zuwa sabuwar sigar da ake da ita don rufe wannan rauni. Bugu da ƙari, masu haɓakawa da ke da alhakin samfuran da ke haɗa 7-Zip a cikin tsarin su yakamata su ci gaba da aiwatarwa nan da nan.
Shawarwari don kare ku
Halin da ake ciki yanzu yana nuna mahimmancin ɗaukar matakan rigakafi. Ga wasu matakai masu amfani:
- Sabuntawa zuwa sigar 24.08 na 7-Zip ta official website.
- A guji buɗe fayilolin da aka matsa daga tushen da ba a dogara ba.
- Cire tsoffin sigogin idan ba lallai ba ne da ake bukata su zo.
- Cika tsaro da mai kyau riga-kafi software don gano yiwuwar ƙarin barazanar, kodayake wannan batu bazai kasance ba don haka wajibi ne akan Linux.
Bugu da ƙari, ana ba da shawarar ƙungiyoyi su sake duba tsarin sarrafa fayil ɗin su da yi yakin wayar da kai game da haɗarin da ke tattare da sarrafa fayilolin da aka matsa.
Rashin raunin 7-Zip yana zama tunatarwa game da mahimmancin ɗaukar kyawawan ayyukan tsaro na intanet. Daga sabunta aikace-aikacen akai-akai zuwa yin kaffa-kaffa da fayilolin da ba a san su ba, ƙananan matakai na iya yin tasiri wajen kiyaye bayanan ku da na'urorinku daga hare-haren cyber.