WinRAR security flaw
The Hacker News reports that cybersecurity researchers from Check Point Software have revealed a flaw in the popular Windows file compression application WinRAR. The flaw affects all versions prior to 5.70 beta 1.
The flaw, a remote code execution (RCE) vulnerability, can potentially impact up to 500 million users of the WinRAR application. It could allow a person with malicious intent to gain access to a victim’s computer if they succeed in persuading the victim to open a compressed file in the ACE format. An ACE file can easily be given a .rar extension, which is how a person can be tricked: it will look like a normal .rar file.
A potential attacker could exploit the flaw by means of a path-traversal attack. This gives the attacker access to directories that are not intended for public or foreign eyes. In other words, malware could very easily be planted on your system.
The vulnerability was patched on the 28th of January 2019 in a new version of the software, 5.70 beta 1. The latest test version has also stopped supporting the ACE format.
What to do?
Are you among the 500 million Windows users who have WinRAR installed? Then do the following:
- Uninstall your current version of WinRAR
- Download and install the latest test version, v. 5.70 beta 1
- Avoid opening files from unknown sources
Here at HTML24, we provide security for our clients’ websites and web apps. Consider reading our case stories on the Danish State Hospital (Rigshospitalet) or the trade union, HOD.