A newly disclosed security vulnerability in the popular 7-Zip file compression software has raised significant concerns in the cybersecurity community.
For Linux systems, attackers need the target to be using a vulnerable 7-Zip version while extracting an archive format that supports symbolic links, such as ZIP, TAR, 7Z, or RAR files.
On Windows systems, additional requirements must be met for successful exploitation. The 7-Zip extraction process must have elevated privileges or operate in Windows Developer Mode to create symbolic links. This makes Windows systems somewhat less susceptible but not immune to the attack.
So Linux users would have to scan for symbiotic links beforehand, and Windows users just need to never run with elevated privileges, or scan beforehand if they do (I’m assuming that elevated privileges means “run as administrator”?)
From the article about what is vulnerable:
So Linux users would have to scan for symbiotic links beforehand, and Windows users just need to never run with elevated privileges, or scan beforehand if they do (I’m assuming that elevated privileges means “run as administrator”?)