WinRAR has been flawed since the very beginning!

I have to say that I feel for the people at WinRAR; it’s never a good thing when a critical vulnerability has existed within your program ever since it was released 19(!) years ago. Just look at what comes up when doing a simple search for “WinRAR”…

The Hacker News reports the following:

Cybersecurity researchers at Check Point have disclosed technical details of a critical vulnerability in WinRAR—a popular Windows file compression application with 500 million users worldwide—that affects all versions of the software released in the last 19 years.

The flaw resides in the way an old third-party library, called UNACEV2.DLL, used by the software handled the extraction of files compressed in ACE data compression archive file format.

However, since WinRAR detects the format by the content of the file and not by the extension, attackers can merely change the .ace extension to .rar extension to make it look normal.

Two things that come to mind:

  1. How many of you still use WinRAR as your “go-to” extraction software?
  2. I can’t believe that their actual recommendation is to install a BETA version of their software in place of whatever existing version you may have!

Click here for the full article in addition to checking out other sites for more details…
