If you use WinRAR, it’s time for users to update to the latest version after a serious security vulnerability was discovered that was exploited by attackers.
According to Theverge, Google’s threat analysis team (TAG) has discovered many government-backed hacking groups exploiting WinRAR vulnerabilities since the beginning of 2023. Describing in detail how to attack WinRAR on the blog, TAG said: “A patch is available, but many users’ devices still appear to be vulnerable. Government-backed actors from several countries exploited the WinRAR vulnerability as part of their operations.”
WinRAR versions 6.24 and 6.23 both have fixes, but the application is not automatically updated so users will have to download and install the patch manually.
The WinRAR vulnerability allows attackers to execute arbitrary code when a Windows user opens something like a PNG file in a ZIP archive. TAG describes this security exploit as “a logic flaw in WinRAR that causes extraneous temporary file extensions when processing manual archives, combined with a bug in the ShellExecute implementation of Windows when trying to open a file with an extension that contains spaces”.
TAG said the widespread WinRAR bug attack activity shows that exploiting known vulnerabilities can be highly effective for hackers. This highlights the importance of patching, and there’s still work to be done to make it easier for users to keep their software secure and up to date.
This is not the first time a major WinRAR vulnerability has been discovered. In 2019, cybersecurity firm Check Point Research discovered a 19-year-old code execution vulnerability that could give an attacker full control of a victim’s computer.
If you are running Windows 11, users only need to use the native tool that supports RAR or 7-zip files provided in the latest operating system update