Google’s research team has identified a significant vulnerability in the popular file archiving program WinRAR. The vulnerability, which has been used by cybercriminals and government-sponsored hackers since early 2023, has been patched without delay.
Google: WinRAR users in danger since early 2023
According to researchers at the Google Threat Analysis Group (TAG), WinRAR has a critical security flaw. Attackers exploiting this vulnerability can execute arbitrary code on the computer when opening files such as ZIP or RAR. This code can be used to copy user information or access different applications.
According to the company, hackers hide their malicious files in extensions such as PNG and gain full access to the computer. TAG also observed that cybercrime groups in many countries are using the WinRAR vulnerability.
The vulnerability is said to be caused by the way WinRAR handles temporary files and saves them to Windows. While security packages have been available for WinRAR versions 6.24 and 6.23 since June, many users have reportedly not yet updated.
It’s worth noting that automatic updates are not enabled by default in WinRAR. Therefore, if you haven’t updated your application to versions 6.24 and 6.23, you may be in the crosshairs of hackers.
Given that hackers have been exploiting this vulnerability for months, we recommend that WinRAR users install the latest version. It should also be noted that Windows 11 has built-in RAR support.
So what do you think about this issue? You can share your opinions with us in the Comments section below.
{{user}} {{datetime}}
{{text}}