WinRAR has always been the go-to file archiver tool on Windows for many of us. If you are one of them, you should immediately update the software to the latest version because Google’s Threat Analysis Group (TAG) has found a critical security vulnerability that is being used by hackers to attack computers.

According to TAG, multiple government-backed groups have been exploiting the WinRAR vulnerability since early 2023. The app does not update automatically and users must manually do it as soon as they can.

“A patch is now available, but many users still seem to be vulnerable. TAG has observed government-backed actors from a number of countries exploiting the WinRAR vulnerability as part of their operations,” the TAG said. WinRAR versions 6.24 and 6.23 fix the vulnerability.

What is the vulnerability

The WinRAR vulnerability, known as CVE-2023-38831, allows attackers to execute a code when a Windows user opens a file within a ZIP archive.

TAG says that the security exploit is “a logical vulnerability within WinRAR causing extraneous temporary file expansion when processing crafted archives, combined with a quirk in the implementation of Windows’ ShellExecute when attempting to open a file with an extension containing spaces.”

Apart from regular users, the loophole has also been exploited to target cryptocurrency trading accounts since April 2023.

“The widespread exploitation of the WinRAR bug highlights that exploits for known vulnerabilities can be highly effective, despite a patch being available,” says TAG.

Previous critical security exploit
In 2019, another major WinRAR vulnerability was discovered. Cybersecurity company Check Point Research spotted a 19-year-old code execution exploit that could have given attackers full control over a victim’s system.

FacebookTwitterLinkedin

end of article