WinRAR fixed a 19-year-old bug that left millions vulnerable




In a detailed blog post, Check Point explained that by renaming an ACE file with a RAR extension, hackers could manipulate WinRAR into extracting a malicious program into a computer's startup folder. The program would then run automatically the next time the computer starts. Check Point says the flaw existed for 19 years. In response to the blog post, WinRAR quickly corrected the vulnerability by releasing version 5.70 Beta 1, which no longer supports ACE archives. It turns out that the company was using a third-party tool to decompress ACE archives anyway, and that tool had not been updated since 2005.

No attacks using this bug have been reported. But 19 years is a long time for a flaw of this kind to go unnoticed, and with 500 million potentially exposed users, we'd say it's a major oversight on the part of WinRAR. If you're one of the millions of people who still use WinRAR, this is a good time to update the software. The lesson for all of us is that what you did on your PC 20 years ago can come back to haunt you.
