0-Day Discovered in Popular Compression Tool, 7-Zip

Silent Breach Labs


Following discussions with the 7-Zip team, Silent Breach can now disclose that we've identified a 0-day vulnerability that may, under specific circumstances, allow for the retrieval of files from an AES-256 encrypted archive.
                        
Silent Breach and 7-Zip are working to address this issue, and to ensure that users remain protected and informed in the meantime.

7-Zip is a popular open-source utility program that enables users to encrypt, compress and archive files. For more information or for guidance on how this issue may affect your organization, please contact Silent Breach at: hello@silentbreach.com

Silent Breach's research team uncovers new 0-days in popular systems on a regular basis and works closely with the affected parties to ensure that the vulnerabilities are properly and securely disclosed, monitored and patched.

As a standard practice, Silent Breach does not confirm, discuss or disclose any security issues or vulnerabilities until a fix has been released on all affected systems or until express permission has been provided by the relevant parties.


About Silent Breach: Silent Breach is an award-winning provider of cyber security services. Our global team provides cutting-edge insights and expertise across the Data Center, Enterprise, SME, Retail, Government, Finance, Education, Automotive, Hospitality, Healthcare and IoT industries.