WinRAR Software Exposes Critical Security Vulnerability
WinRAR Software Exposes Critical Security Vulnerability, Urging Users to Update to the Latest Version
News, October 19: The popular file compression and management software WinRAR has recently been found to have a severe security vulnerability, designated CVE-2023-38831.
This vulnerability allows malicious actors to execute arbitrary code on users’ computers, putting user data and privacy at risk.

According to Google’s Threat Analysis Group (TAG), this vulnerability has already been exploited by several cybercriminal organizations. These groups started taking advantage of the vulnerability in early 2023, when defenders were unaware of its existence. WinRAR has since released a patch to fix the issue, but many users have yet to update, leaving themselves exposed to potential threats.
The attack involves placing what appears to be a harmless file, such as a PNG image, inside a ZIP archive that the victim then opens with WinRAR. Due to a Windows system error when handling file names containing spaces, WinRAR inadvertently executes malicious code contained within the compressed archive.
Google’s update notes state, “When a user double-clicks a file named ‘poc.png_’ (underscore representing a space) within WinRAR’s interface, versions prior to 6.23 will execute ‘poc.png_/poc.png_.cmd’.”
To safeguard your computer’s security, IT Home advises users to promptly download and install the latest version of the software from the official WinRAR website.
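For archives received before the update is installed, the entry layout quoted above can be checked without extracting anything. The following is an added example, not code from Google, WinRAR or the original article; the function names are hypothetical, and matching any decoy name and any extension (rather than only the quoted 'poc.png_' pair) is an assumption.

```python
import zipfile

def find_decoy_pairs(names):
    """Return (decoy, payload) pairs: a file entry whose name ends in a space,
    plus an entry inside a same-named folder that starts with '<decoy>.'."""
    norm = [n.replace("\\", "/") for n in names]
    files = {n.lower() for n in norm if not n.endswith("/")}
    hits = []
    for n in norm:
        if n.endswith("/") or "/" not in n:
            continue  # directory entry or top-level file: cannot be the payload
        folder, _, child = n.rpartition("/")
        base = folder.rsplit("/", 1)[-1].lower()
        if (base.endswith(" ") and folder.lower() in files
                and child.lower().startswith(base + ".")):
            hits.append((folder, n))
    return hits

def scan_zip(source):
    """Scan a ZIP given as a path or file-like object; only names are read."""
    with zipfile.ZipFile(source) as zf:
        return find_decoy_pairs(zf.namelist())

# Constructed name lists (not taken from a real sample).
FLAGGED = ["poc.png ", "poc.png /", "poc.png /poc.png .cmd"]
BENIGN = ["photos/", "photos/poc.png", "readme.txt"]

if __name__ == "__main__":
    for label, names in (("flagged", FLAGGED), ("benign", BENIGN)):
        print(label, find_decoy_pairs(names))
```

A hit means the archive should be quarantined for review; an empty result does not replace updating to the patched version.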