A 19-year-old security flaw that allowed attackers to extract malicious software files and gain access to users’ PC systems has been patched by WinRAR.
The security flaw, which was first discovered by Check Point, a software company based in Tel Aviv, Israel, allowed hackers to manipulate WinRAR into extracting a malicious program to a PC’s startup folder by renaming an ACE file with a RAR extension.
In a detailed report published last Wednesday (Feb. 20th), Check Point said the malicious program could then run automatically when the computer rebooted.
In their blog post, Check Point explained how they discovered the bug and uploaded a short video demonstrating the threat.
After Check Point released their report, WinRAR was quick to respond to the issue. They patched the flaw by releasing a software update, version 5.70 beta 1, which supports ACE archives.
Before this update, WinRAR was using a third-party tool to unzip ACE files, and that tool had not been updated since 2005.
The research company said that the flaw went unnoticed for almost two decades, which could have potentially exposed the data of 500m users.
Check Point advised those who use the software to install the latest version to ensure that they are protected against the vulnerability.
WinRAR hasn’t released an official statement revealing how many of its users were affected by the vulnerability.