False alarm: an alleged vulnerability in 7-Zip shakes up the web


Fake vulnerability in 7-Zip sows confusion on X (Twitter)

Last Monday, an X user going by the handle @NSA_Employee39 posted an alert about a supposed vulnerability in the open-source archiving software 7-Zip. The announcement, quickly shared and commented on, turned out to be a false alarm, as confirmed by Igor Pavlov, lead developer of 7-Zip.


An alleged worrying flaw

The account @NSA_Employee39, which claimed it would mark its arrival on X by revealing previously unpublished security vulnerabilities (known as zero-days), said it had discovered an arbitrary code execution (ACE) flaw in 7-Zip. Such a vulnerability would have allowed attackers to execute malicious code on users' computers.

To prove his point, the user shared a code snippet on Pastebin, claiming that this code exploited a manipulated .7z archive to trigger a memory overflow in a 7-Zip LZMA function.

Quickly denied by experts

However, cybersecurity professionals were quick to doubt the authenticity of this alleged vulnerability. Several experts, after analyzing the code, claimed that it did not work as advertised.

Igor Pavlov, the developer of 7-Zip, also responded on the software's official forum. He described the announcement as “fake” and said he could not understand the user's attitude. Pavlov said: “There are no ACE vulnerabilities in 7-Zip or LZMA.”


Why spread false information?

This type of announcement, although erroneous, can sow confusion and distract from real cybersecurity threats. The motivations behind this false alert remain unclear: seeking attention, an attempt at disinformation or a simple ill-intentioned joke?

Vigilance in a sensitive context

The incident serves as a reminder of the importance of verifying information sources, particularly in the area of IT security. False announcements can not only create a sense of panic but also undermine the credibility of legitimate alerts.

Although this alleged flaw has been debunked, it is still recommended to keep your software up to date to protect against real cyber threats. Cybersecurity is based on caution and the use of reliable information channels.
