WinRAR Finally Patches 19-Year-Old Security Vulnerability

WinRAR’s 19-year-old security vulnerability, that allowed attackers to extract malicious software anywhere on the user’s hard drive, has finally been patched in the latest beta release (v5.70 beta 1) of the popular file archiver utility for Windows platforms (via The Verge).

WinRAR 1021x580

According to the WinRAR, over 500 million users worldwide make its software the world’s most popular compression tool today. The security flaw was discovered by researchers at Check Point Software Technologies, who have also created a short video (embedded below) detailing how it works.

Apparently, the attackers simply needed to rename an ACE file to give it a RAR extension and then get WinRAR to extract a malicious program to a computer’s startup folder:


“After the security researchers informed WinRAR of their findings, the team patched the vulnerability with version 5.70 beta 1 of the software. Rather than attempt to fix the issue, the team opted to drop support for ACE archives entirely, which was probably the sensible option considering the only program capable of creating the archives, WinACE, hasn’t been updated since 2007.”

If you use WinRAR on your computer, we strongly advise you to update it right away.

Youtube video

Want to see more of our stories on Google?

Add iPhone in Canada as a Preferred Source on Google

P.S. Want to keep this site truly independent? Support us by buying us a beer, treating us to a coffee, or shopping through Amazon here. Links in this post are affiliate links, so we earn a tiny commission at no charge to you. Thanks for supporting independent Canadian media!

Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
0
Would love your thoughts, please comment.x
()
x