Serious security hole plugged in infosec tool binwalk

Security analysis tool Binwalk poses a risk to users running outdated versions due to a security pitfall that could lead to remote code execution. Researcher Quentin Kaiser discovered that a mistake in binwalk’s Professional File System extractor plugin has created a vulnerability that lets files be written outside of the extraction directory. Kaiser eventually alerted Microsoft-owned Refirm Labs to the issue, which released a patch for it after three months.