Do you have WinRAR installed on your Windows PC? Then you’re probably vulnerable to attack. RARLab patched a dangerous security bug at the end of February 2019, but WinRAR doesn’t automatically update itself. Most WinRAR installations are still vulnerable.
What’s the Danger?
WinRAR contains a flaw that would let a .RAR file you download automatically extract an .exe file to your Startup folder. That .exe file would automatically be started the next time you sign into your PC, and it could infect your PC with malware.
Specifically, this flaw is a result of WinRAR’s ACE file support. An attacker simply needs to create a specially crafted ACE archive and give it the .RAR file extension. When you extract the file with a vulnerable version of WinRAR, it can automatically place malware in your Startup folder without any additional user action.
This serious flaw was found by researchers at Check Point Software Technologies. WinRAR contained an ancient DLL from 2006 to enable support for ACE archives, and that file has now been removed from the latest versions of WinRAR, which no longer support ACE archives. Don’t worry—ACE archives are very rare.
However, unless you’ve heard of this “path traversal” flaw already, you may be at risk. WinRAR doesn’t automatically update itself. We’re also extremely disappointed that WinRAR’s website doesn’t highlight information about this security flaw and instead buries it in WinRAR’s release notes.
WinRAR reportedly has 500 million users worldwide, and we’re certain most of those users haven’t yet heard of this bug and updated WinRAR.
While an update was released back in February, this story is still picking up steam. Security researchers at McAfee had identified more than 100 unique exploits online by mid-March, with most users attacked being in the USA. For example, a bootlegged copy of Ariana Grande’s album “Thank U, Next” with the filename “Ariana_Grande-thank_u,_next(2019)_[320].rar” available online is being used to install malware via vulnerable versions of WinRAR.
Post a Comment Blogger Facebook
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. As the comments are written and submitted by visitors of The Sheen Blog, they in no way represent the opinion of The Sheen Blog. Let's work together to keep the conversation civil.