

Security researchers at McAfee had identified more than 100 unique exploits online by mid-March, with most of the targeted users located in the USA. While an update was released back in February, this story is still picking up steam. WinRAR reportedly has 500 million users worldwide, and we’re certain most of those users haven’t yet heard of this bug and updated WinRAR. We’re also extremely disappointed that WinRAR’s website doesn’t highlight information about this security flaw and instead buries it in WinRAR’s release notes. WinRAR doesn’t automatically update itself, so unless you’ve heard of this “path traversal” flaw already, you may be at risk. WinRAR contained an ancient DLL from 2006 to enable support for ACE archives, and that file has now been removed from the latest versions of WinRAR, which no longer support ACE archives. This serious flaw was found by researchers at Check Point Software Technologies.

Specifically, this flaw is a result of WinRAR’s ACE file support. An attacker simply needs to create a specially crafted ACE archive and give it the. When you extract the file with a vulnerable version of WinRAR, it can automatically place malware in your Startup folder without any additional user action. exe file would automatically be started the next time you sign into your PC, and it could infect your PC with malware. RAR file you download automatically extract an.
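An extractor guards against this class of "path traversal" flaw by resolving where each archive entry would be written and refusing anything that leaves the chosen folder. The sketch below is an added example, not WinRAR's code or its fix (WinRAR removed ACE support instead); the function names, the folder and the entry names are constructed for illustration.

```python
import ntpath  # Windows path semantics, importable on any OS

ROOT = r"C:\Users\alice\Downloads\out"   # constructed extraction folder
CONSTRUCTED_ENTRIES = [                  # constructed names, not from a real archive
    r"docs\readme.txt",
    r"..\..\Start Menu\Programs\Startup\update.exe",
    r"C:\Windows\Temp\x.dll",
    "docs/../../x.exe",
    r"..\out2\x.exe",                    # sibling folder sharing the root's prefix
]

def resolve_entry(dest_root, entry_name):
    """Return the path an entry would be written to, or raise ValueError
    if that path falls outside dest_root."""
    name = entry_name.replace("/", "\\")
    drive, rest = ntpath.splitdrive(name)
    # Reject drive letters (C:\x, C:x), UNC prefixes and rooted paths (\x).
    if drive or rest.startswith("\\"):
        raise ValueError(f"absolute path in archive entry: {entry_name!r}")
    root = ntpath.normpath(dest_root)
    target = ntpath.normpath(ntpath.join(root, name))  # collapses ".."
    # Compare whole path components, not string prefixes, so that
    # "...\out2" is not mistaken for something inside "...\out".
    if ntpath.commonpath([root, target]).lower() != root.lower():
        raise ValueError(f"entry escapes extraction folder: {entry_name!r}")
    return target

def audit(dest_root, names):
    """Check every entry name; return (name, allowed, detail) tuples."""
    results = []
    for name in names:
        try:
            results.append((name, True, resolve_entry(dest_root, name)))
        except ValueError as err:
            results.append((name, False, str(err)))
    return results

if __name__ == "__main__":
    for name, allowed, detail in audit(ROOT, CONSTRUCTED_ENTRIES):
        print("ALLOW" if allowed else "BLOCK", repr(name), "->", detail)
```

Only the first constructed entry is allowed; the other four are blocked before anything is written to disk.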
