If you use WinRAR, it’s time to update to the latest version after a serious security vulnerability has been discovered that’s already in use by attackers. Google’s Threat Analysis Group (TAG) has found that multiple government-backed hacking groups have been exploiting the WinRAR vulnerability since early 2023.
Technology
- Home
- Technology
- News
PSA: it’s time to update WinRAR due to a big security vulnerability
Attackers are exploiting a security vulnerability in WinRAR that lets them execute arbitrary code. It’s time to update your install of WinRAR immediately.
Published 2 years ago on Oct 20th 2023, 10:00 am
By Web Desk
“A patch is now available, but many users still seem to be vulnerable,” says TAG in a blog post detailing the WinRAR exploit. “TAG has observed government-backed actors from a number of countries exploiting the WinRAR vulnerability as part of their operations.”
WinRAR versions 6.24 and 6.23 both include a fix for the security hole, but the app doesn’t update automatically, so you’ll have to manually download and install the patch. That’s right, it’s 2023, and one of the most popular Windows apps still doesn’t have an auto-update feature.
The WinRAR vulnerability allows attackers to execute arbitrary code when a Windows user opens something like a PNG file within a ZIP archive. TAG describes the security exploit as “a logical vulnerability within WinRAR causing extraneous temporary file expansion when processing crafted archives, combined with a quirk in the implementation of Windows’ ShellExecute when attempting to open a file with an extension containing spaces.”
The exploit has been used by attackers since early 2023
The exploit has also been used to target cryptocurrency trading accounts since April 2023. “The widespread exploitation of the WinRAR bug highlights that exploits for known vulnerabilities can be highly effective, despite a patch being available,” says TAG. “These recent campaigns exploiting the WinRAR bug underscore the importance of patching and that there is still work to be done to make it easy for users to keep their software secure and up-to-date.”
This isn’t the first time a major WinRAR vulnerability has been discovered. In 2019, cybersecurity company Check Point Research discovered a 19-year-old code execution exploit that could give attackers full control over a victim’s computer.
You can download the latest WinRAR update right here, or, if you’re running Windows 11, you could simply use the native support for RAR 7-zip files that was included in the latest OS update.
Saudi low-cost Airline launches fifth destination in Pakistan
- a day ago
Dengue cases continue to rise across KPK,45 new confirmed cases report in the past 24 hours
- 17 hours ago
WWE 'Raw' takeaways: LA Knight's loss, JD McDonagh's win both carry weight
- a day ago
6.3 quake kills more than 20 in Afghanistan, 320 injured
- 18 hours ago
We can have growth while fighting climate change
- 21 hours ago
Govt, parliament to decide on sending troops to Gaza, Pak army focused on security: ISPR
- 9 hours ago
Three most-wanted terrorists linked to Fitna al-Khawarij arrested in Karachi
- 15 hours ago
Saturday Night's Main Event takeaways: Has Jey Uso's time to claim the World Heavyweight title passed?
- 11 hours ago
$168M owed to fired FBS head football coaches
- a day ago
NCAA hoops tourneys to use availability reports
- a day ago
Marchand nets 'special' goal for pal's late daughter
- 11 hours ago
Yamamoto seals MVP with epic Game 7 in relief
- 11 hours ago
You May Like
Trending
