Jump to content
  • A WinRAR vulnerability affected half a billion users


    WinRAR is one of the most downloaded archivers in history, known to millions of users around the world. But the popularity of the software often makes it a target for hackers: as it turned out, hundreds of millions of owners of a copy of the famous application were under the threat of hacking.

    WinRAR1.png

    Experts of the company Checkpoint Research, working in the field of IT-security, published a report on the vulnerability found in the code archiver WinRAR. According to analysts, the detected exploit allows attackers to place a malicious file from the ACE archive directly into the Windows startup folder, bypassing the need to run an application with elevated privileges. The" weak link " of the application was the UNACEV2 library.dll that has not received updates since 2005.

    According to the ZDNet portal, exploit vendors have already shown interest in buying vulnerabilities in file compression utilities last year, offering to pay up to $ 100,000 for a remote code execution tool in WinRAR, 7-Zip, WinZip (on Windows), or tar (on Linux). Analysts say that over the past 19 years, more than 500 million WinRAR users have been at risk of infection.

    Since the source code of the library was lost, the developers of the archiver decided not to support the potentially dangerous format and deleted the corresponding files in the new version of the application. WinRAR users are recommended to upgrade to version 5.70 beta 1, available for download on The official website.


    User Feedback

    Recommended Comments

    There are no comments to display.



    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    Loading...

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.