This notorious compression software can be exploited to run a program remotely on the devices of potential victims, which is a major problem, to say the least.
WinRAR is like everyone else: it is not immune to malicious acts. However, there are solutions to protect you from it, and we explain everything to you.
A flaw that facilitates the installation of malware
This new flaw was spotted in early June by a certain goodbyeselene, security researcher and member of the Zero Day Initiative (ZDI). Listed as CVE-2023-40477, it allows a malicious actor to execute an arbitrary command on a computer where an infected archive is unpacked. ” An attacker can take advantage of this vulnerability to execute code within the running process “, indicates the ZDI. This means that it is quite possible to install malware using the permissions acquired by WinRAR on Windows.
However, this necessarily involves the victim’s interaction with a booby-trapped archive. You have to encourage him to open it with the compression software, which is not the most difficult task, given the popularity of WinRAR. Due to the relative ease with which it can be implemented and the risks involved, this vulnerability has a CVSS score of 7.8, which means it is a high severity issue.
Bad timing for WinRAR
The WinRAR editor was immediately contacted by goodbyeselene and got to work to provide us with a fix on August 2nd. It is therefore very important to download version 6.23 of the software as soon as possible, which also corrects another very serious problem which makes it possible to launch a bad file without the victim noticing it.
This is bad news for WinRAR which, despite its reliability for nearly thirty years, is now threatened by an upcoming Windows update. Indeed, the latter should soon support new compression formats that were until now the prerogative of third-party software. If Microsoft’s operating system is of course also regularly the victim of vulnerabilities, it is obviously easier to trust a tech giant than a smaller publisher like RARLAB. At least, from the perspective of many users.
Either way, neither can protect you as much as your own vigilance over the files you download. And, as a last line of defense, a good antivirus is never too much.
Download
- The vague but permissive economic model
- Lots of formats supported
In the world of data archiving and compression tools for Windows, WinRAR stands out as a mainstay. Reference software, available in trial version, which embraces a vast majority of compression formats and a wide variety of archive files. A test is required.
In the world of data archiving and compression tools for Windows, WinRAR stands out as a mainstay. Reference software, available in trial version, which embraces a vast majority of compression formats and a wide variety of archive files. A test is required.
Source : The Hacker News
7