Update WinRAR to fix a 19-year-old security vulnerability

2 minute read
winrar security vulnerabilities

Home » News » Update WinRAR to fix a 19-year-old security vulnerability

We have been using the file extraction software WinRAR for ages.  Do you think that WinRAR is a safe option? The answer is NO!. Surprisingly, the software has just patched a 19-year-old security vulnerability.

The attackers were taking advantage of the vulnerability for injecting malicious software on your disk.

How were the attackers remotely executing malware?

The attackers injected the malware into your systems by prompting users to buy WinRAR. Those who clicked “next time” were trapped in an indefinite file extraction loop.

That is the only time when the attackers got the opportunity to access user’s computers. They were able to use a RAR extension for renaming an ACE file which ended up extracting a malicious program to a startup folder.

Researchers found a path-traversal flaw was responsible for the extraction of the executable files. It allows the software to run automatically on each reboot. The attackers just need to convince the victim to open a malicious archive file. 

As soon as the Check Point Security Technologies spotted the bug, WinRAR released the latest version of the software. Now, the software no longer supports ACE archives. You won’t be able to open your old files supporting an ACE archive stored on your disk.

— RELATED: Best Windows 10 antivirus solutions to install in 2019 [UNBIASED LIST]

In a shocking revelation, the software has put the security of over 500 million users at stake for the past two decades. We can understand how attackers thought WinACE, to be a feasible option as it has not received any update since 2007. Notably, 7-zip does not support ACE files so we assume the software to be safe for use. 

A short video explains the hacking malicious attack.

Mitigating the Risk

When did you last updated your WinRAR software? If you are one of those who have not updated their Software during the past few years, you need to update to the latest version at your earliest.

Importantly, avoiding the files received from an unknown source it’s the best workaround to fix the issue.

RELATED GUIDES YOU NEED TO CHECK OUT:

Discussions

Next up

Windows 10 Calendar not syncing with Gmail/Outlook [FIXED]

Vladimir Popescu avatar. By: Vladimir Popescu
3 minute read

A wide number of users have complained about an issue caused by Windows 10 Calendar not syncing with Gmail/Outlook. This issue can cause a lot […]

Continue Reading

Sorry this channel is temporarily unavailable Hulu error [FIXED]

Sovan Mandal avatar. By: Sovan Mandal
2 minute read

Hulu can be a great entertainment platform, but many users reported Sorry this channel is temporarily unavailable message while watching live sports feed. While that […]

Continue Reading

Windows 10 19H2 Build 18362.10006 isn’t available for all Windows insiders

Vlad Turiceanu By: Vlad Turiceanu
2 minute read

Today Microsoft released a new Windows 10 19H2 build for a subset of lucky Windows insiders in the Slow ring. It’s not really new, because […]

Continue Reading