Security communities are actively addressing threats ranging from archive extraction flaws to enterprise-level intrusion detection systems.
A newly disclosed vulnerability, designated CVE-2025-55188, affects 7-Zip versions before 25.01, enabling arbitrary file write operations that could lead to remote code execution.
The flaw exploits improper handling of symbolic links during archive extraction, particularly affecting Linux systems and Windows environments with elevated privileges.
Security researcher Lunbun identified the attack vector, which requires users to extract maliciously crafted archives that support symbolic links, such as .zip, .tar, .7z, or .rar formats.
The vulnerability allows attackers to overwrite sensitive files, including SSH keys or .bashrc configurations, potentially achieving unauthorized access.
Despite MITRE’s initial CVSS score of 2.7, the researcher contends this significantly underrepresents the actual risk level, citing the potential for arbitrary code execution through file system manipulation.
Apple’s Product Security team issued multiple security advisories addressing critical vulnerabilities across its ecosystem.
The company released iOS 18.6 and iPadOS 18.6, alongside updates for macOS Sequoia 15.6, macOS Sonoma 14.7.7, and macOS Ventura 13.7.7.
Additional patches were deployed for watchOS 11.6, tvOS 18.6, visionOS 2.6, and Safari 18.6.
These updates address various security issues, including memory corruption vulnerabilities in the afclip component and denial-of-service vulnerabilities in the Admin Framework.
The comprehensive nature of these updates indicates Apple’s proactive approach to addressing potential attack vectors across its hardware and software platforms, with particular attention to privacy-related components affecting accessibility features.
The security research community continues to develop sophisticated tools for network analysis and vulnerability assessment.
Recent developments include Nmap 7.95, featuring enhanced OS and service detection capabilities with over 6,500 processed fingerprints and 336 new OS signatures.
The Npcap 1.82 release introduced VLAN tagging support, enabling packet capture and transmission with enhanced network visibility.
Security mailing lists report active discussions around new NSE (Nmap Scripting Engine) scripts for web application security testing, including XSS vulnerability detection and null byte poisoning assessments.
Additionally, researchers disclosed multiple CVEs affecting enterprise systems, including CVE-2025-41673 through CVE-2025-41678, targeting Helmholz Industrial Router REX100 devices, highlighting ongoing security challenges in industrial control systems.
These developments underscore the critical importance of maintaining current security patches and implementing robust vulnerability management programs across organizational infrastructure.
Find this Story Interesting! Follow us on LinkedIn and X to Get More Instant Updates
The post 7-Zip Flaw Allows Arbitrary File Write and Remote Code Execution appeared first on Cyber Security News.
NEW YORK (AP) — Two Bucks County men who brought explosives to a far-right protest outside New…
ROCKFORD, Ill. (WTVO) — The Auburn Street reconstruction project, repairing water main, bumpy roads, and…
Since the earliest cave paintings, human beings have used art to recreate the world around…
Here's a rare chance to pick up a massive, current generation, higher-end OLED TV at…
Apple recently unveiled its newest budget smartphone - the Apple iPhone 17e - on March…
A convincing fake website posing as the popular Mac utility CleanMyMac is actively pushing dangerous…
This website uses cookies.