WinRAR has just been updated to version 5.70: among the new features, a very dangerous and old 0-day flaw has just been fixed. This would make it possible to achieve more than 100 unique exploits, including one allowing to unzip a malicious program in the startup folder. This update has been available for a few weeks, but not all users have installed it yet. However, attacks allowing it to be exploited are increasing.
WinRAR is one of the most popular proprietary data compression software for PCs with over 500 million users. It can compress and decompress archivers in RAR, ZIP, 7z, bzip2, ACE, ARJ, CAB, gzip, ISO, JAR, LZH, TAR, UUE and Z format - in addition to creating self-extracting archives for Windows. However, last month, a 0-year-old 19-day security hole was discovered in the program. Since then, hackers have been busy exploiting this flaw by uploading new exploits.
Read also: Windows 10 and 7 - a security breach allows to hack any PC remotely
WinRAR: here's why you need to update the program as soon as possible
McAfee, who is sounding the alarm once again, explains that win.rar GmbH was quick to release version 5,70 patched against this vulnerability. Yet, security experts note, hackers are posting new exploits of the flaw "in an effort to reach vulnerable systems before they can be patched." The company cites the real example of a file “Ariana_Grande-thank_u, _next (2019) _ [320] .rar” supposed to contain Ariana Grande's album Thank U, Next.
When the user starts decompression, a malicious program unzips itself into the Windows Startup folder. So that it starts automatically the next time the computer is started, compromising the system. Of course, upgrading to WinRAR 5.70 prevents the same file from unzipping anything in the Boot menu. And that is why it is strongly recommended to do this update as soon as possible.
The editor of WinRAR nevertheless gives an alternative if for one reason or another you do not wish to change the version: “to users who do not want an update or can not yet find a version of WinRAR 5,70 in their language, the advice of win.rar GmbH is to remove the UNACEV2.DLL file from their version of WinRAR to be reliably protected again ”. The file in question is located in the WinRAR installation folder.
CLICK HERE TO UPDATE WINRAR