A Major Security Bug In WinRAR Has Put Millions Of Users At Risk

WinRAR's 19-year-old security vulnerability put millions of users at risk
Security researchers want you to be more alert the next time you compress a file using WinRAR, as they have found a major flaw in all of the application’s versions that lets a malicious archive easily hijack your PC.

Researchers at Check Point discovered this severe security flaw in all WinRAR versions released in the last 19 years. The vulnerability is hidden in the UNACEV2.DLL library and can affect all 500 million WinRAR users (as claimed by their website).

This library was previously responsible for unpacking archives in the ACE format, and that is where the risk starts: decompressing such an archive can place malicious files in unwanted destinations on the system, such as the Windows Startup folder. The coding flaws in ACE archive handling make it easier to plant malware, so attackers can potentially hijack your PC on the next reboot.


WinRAR’s own developers lost access to the UNACEV2.DLL library source code back in 2005, which also forced them to stop supporting the ACE archive format in their application. Fortunately, they are now tackling this issue with WinRAR 5.70 Beta 1, which was released recently on January 28. Users should update to WinRAR’s latest version before attackers reach their inbox with a malicious ACE archive.
"This vulnerability has existed for over 19 years(!) and forced WinRAR to completely drop support for the vulnerable format," explained security researcher Nadav Grossman.
If you have users at home or employees who use the compression software often, warn them as soon as possible about the chance of an incoming malicious email and the threat posed by their current version of WinRAR.
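
A defender's inventory check to go with the advice above, as an added example that is not part of the original article or of WinRAR: it walks a directory tree, reports copies of UNACEV2.DLL, and flags files that are ACE archives by content rather than by file extension. The `**ACE**` signature at byte offset 7 comes from the ACE header layout, not from this article, and the function names are illustrative.

```python
import os
import sys

# Assumption (ACE header layout, not stated in the article): a plain ACE
# archive starts with CRC(2) + size(2) + type(1) + flags(2), then this magic.
ACE_MAGIC = b"**ACE**"
ACE_MAGIC_OFFSET = 7
VULNERABLE_DLL = "unacev2.dll"  # library named in the article


def is_ace_archive(path):
    """Return True if the file content begins with an ACE main header.

    Only plain archives are matched; self-extracting ones carry the
    header after an executable stub and are not covered here.
    """
    try:
        with open(path, "rb") as fh:
            head = fh.read(ACE_MAGIC_OFFSET + len(ACE_MAGIC))
    except OSError:
        return False  # unreadable files are skipped, not treated as ACE
    return head[ACE_MAGIC_OFFSET:] == ACE_MAGIC


def triage(root):
    """Walk root and return (dll_paths, ace_paths), each sorted."""
    dlls, aces = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if name.lower() == VULNERABLE_DLL:
                dlls.append(full)   # install still ships the ACE library
            elif is_ace_archive(full):
                aces.append(full)   # ACE content, whatever the extension
    return sorted(dlls), sorted(aces)


if __name__ == "__main__":
    found_dlls, found_aces = triage(sys.argv[1] if len(sys.argv) > 1 else ".")
    for p in found_dlls:
        print("UNACEV2.DLL present:", p)
    for p in found_aces:
        print("ACE archive by content:", p)
```

Run it against program directories to find installs that still carry the library, and against download or mail-attachment folders to find ACE archives waiting to be opened.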
