All PC users have used WinRAR at least once in their lives, and the software has been around for about two decades! It was used to extract or archive files on a PC, and over the years it was used by almost 500 million people.
But what nobody wants to hear about a tool we have used for almost 20 years that it has just been fixed because of a major vulnerability. The researchers at Check Point Research discovered that WinRAR had a severe security flaw, reported McAfee.
They found out that this flaw allowed hackers to make WinRAR extract a malicious program to a PC through renaming an ACE file with a RAR extension:
“When a vulnerable version of WinRAR is used to extract the contents of this archive, a malicious payload is created in the Startup folder behind the scenes. User Account Control (UAC) does not apply, so no alert is displayed to the user. The next time the system restarts, the malware is run.”
The developers of WinRAR patched the software with a version that would fix the issue and also add a lot of changes.
Get WinRAR v. 5.70 to Keep Your PC Safe
The latest version of WinRAR will no longer support ACE files, so for your protection, head over to the official WinRAR website and download the latest version of the program – version 5.70.
Those that have already updated WinRAR should be safe, and the users that still have the previous version should immediately update the software, or else they risk the safety of their PC if they were to download and extract WinRAR files from sketchy sources.
McAfee reported that they found many exploits since the disclosure of the vulnerability:
“In the first week since the vulnerability was disclosed, McAfee has identified over 100 unique exploits and counting, with most of the initial targets residing in the United States at the time of writing.”
It is unsettling that this issue has gone undetected for all those years, even if the software was used by so many people! If you are still using the program, then you should keep your data and files safe by updating WinRAR!