WinRAR Fixes a 19-year-old Bug That Left Millions of Users Vulnerable

Share on Facebook Tweet Share Reddit Comment
WinRAR Fixes a 19-year-old Bug That Left Millions of Users Vulnerable

WinRAR has been a popular file extraction software since the early 2000s

Highlights
  • Researchers claim WinRAR had a vulnerability since last 19 years
  • WinRAR has now fixed the bug in a new beta release
  • Potentially, millions of users could have been affected by the bug

If you've used a Windows PC in the 2000s, chances are that you've used or come across WinRAR. The popular file extraction software boasts of 500 million users. It allows users to extract ZIP and other file archives on their Windows PC. You could even use it without really paying for it. Recently, researchers uncovered a 19-year-old bug that could have affected millions of PCs.

Security researchers at Check Point Research claimed to have discovered a bug that could allow hackers to manipulate WinRAR. The bug allowed hackers to let WinRAR extract a program into a PC's startup folder. After that, the malicious program could run every single time the PC was booted. Researchers say the bug had existed for 19 years.

Check Point Research explained the bug in a detailed blog post on their website. Its researchers claim all someone had to do was rename an ACE archive with a RAR extension. WinACE, the program capable of creating ACE archives, hasn't been updated since 2007.

In a response to Check Point Research, WinRAR has now fixed the bug with a fresh software update. The vulnerability has been patched in the latest version 5.70 beta 1. On Thursday, the company has also released the second beta of version 5.70.

The bug seemed more of a loophole because WinRAR supported ACE archives via a third party tool. WinRAR has now completely dropped support for ACE archives since it's ancient now, and therefore not used any more.

Although there haven't been any reports of hackers exploiting of this vulnerability over the years, but with 500 million users and a bug having existed for 19 years, it seems quite a massive thing. In case you still use WinRAR, make sure you update the software as soon as the fresh stable release is out.

 

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Further reading: WinRAR
Harpreet Singh Harpreet is the community manager at Gadgets 360. He loves all things tech, and can be found hunting for good deals when he’s not shopping online. More
Samsung Galaxy S10+ Camera Joins Huawei Mate 20 Pro at Top of DxOMark Ranking
Tesla Model 3 Delivery in China Starts Earlier Than Expected
 
 

Advertisement

 

Advertisement

© Copyright Red Pixels Ventures Limited 2019. All rights reserved.