WinRAR is close nineteen years old software leak

Researchers at Check Point Software Technologies have discovered a serious leak in the WinRAR program. Due to the leak, malicious software could be placed unnoticed on users' computers.


Researchers at Check Point Software Technologies have discovered a serious leak in the WinRAR program. Due to the leak, malicious software could be placed unnoticed on users' computers.

With WinRAR users can make large files smaller or bundle a number of files to make them easier to send over the internet. When extracting the files, it went wrong, according to the researchers.

When a file was unpacked in the somewhat outdated archive format ACE, malicious software could be placed elsewhere on the computer. The recipient could not see that more was being unpacked than intended.

The researchers explained WinRAR and the company immediately released a new patch to ensure that attacks via the leak are no longer possible. WinRAR's solution to the problem is simple: they no longer support the outdated ACE format in the new version of the program.

Worldwide there are more than 500 million WinRAR users. It is not known whether there have actually been attacks by hackers through the leak. All users of WinRAR are advised to update the software as soon as possible.

'Zero-day vulnerabilities' popular with hackers

It is more common that software leaks are discovered that have been hidden for years. Attacks through vulnerabilities of this kind are called 'zero-day-attacks' because the attacks start before the software developer knows there is a leak.

These vulnerabilities are very popular with malicious hackers, because they can go undisturbed until the leak is discovered once. As with WinRAR, this can sometimes take years.

Newsletter

  • Do you want the most important technical news of the week in your mail every Saturday? Subscribe now to our technical newsletter!

REF: https://www.nu.nl/internet/5754924/winrar-dicht-negentien-jaar-oud-softwarelek.html

Similar news: