WinRAR Patches Significant Vulnerability Affecting Millions

Reading Time: ( Word Count: )

August 19, 2023
Nextdoorsec-course

The widely-used file archiving software for Windows, WinRAR, has addressed a critical vulnerability that had the potential to let attackers run commands on a system just by the user opening an archive.

Designated as CVE-2023-40477, this vulnerability might have allowed hackers to remotely execute arbitrary code on the affected computer if a manipulated RAR file was accessed.

The discovery of this vulnerability is attributed to “goodbyeselene” from the Zero Day Initiative. They made RARLAB, the company behind WinRAR, aware of this flaw on June 8th, 2023. A security advisory posted on ZDI’s website explains, “This particular flaw arises during the treatment of recovery volumes. It stems from inadequate validation of data provided by users, possibly leading to memory access beyond a dedicated buffer.”

Considering victims need to be tricked into opening a compromised archive, the risk associated with this vulnerability gets a 7.8 score on the CVSS scale. However, duping users into the necessary actions isn’t necessarily complex, and the sheer size of WinRAR’s audience means there’s a significant risk of this vulnerability being exploited.

Also read: AI’s Ability to Decode Passwords Through Keystroke Sounds Raises Concerns

Addressing the Threat On August 2nd, 2023, RARLAB unveiled WinRAR version 6.23, which rectifies CVE-2023-40477. Thus, it’s imperative for users of WinRAR to install this security patch without delay.

In addition to the RAR4 recovery volumes processing code solution, the 6.23 update also handles issues related to the incorrect initiation of particular archives, another matter of great concern.

A noteworthy point is Microsoft’s move to incorporate native support for RAR, 7-Zip, and GZ files within Windows 11. This means users may not need third-party tools like WinRAR unless they seek its specialized functions.

For those who opt to stick with WinRAR, it’s crucial to ensure it’s consistently updated, especially in light of previous vulnerabilities that were leveraged by cybercriminals to distribute malware.

Further, users should be prudent about which RAR files they access and consider employing antivirus software capable of inspecting archives to boost their security posture.

Saher

Saher

Author

Saher is a cybersecurity researcher with a passion for innovative technology and AI. She explores the intersection of AI and cybersecurity to stay ahead of evolving threats.

Other interesting articles

Wi-Fi Security Key vs. Password: Unraveling the Difference

Wi-Fi Security Key vs. Password: Unraveling the Difference

In the digital age, where connectivity is king, securing our Wi-Fi networks is paramount. When it comes to ...
Instagram Security Code Not Working

Instagram Security Code Not Working

In the realm of social media, Instagram stands as one of the most popular platforms for sharing moments, ...
T-Mobile App Glitch Exposes User Data: Data Privacy Concerns Arise

T-Mobile App Glitch Exposes User Data: Data Privacy Concerns Arise

Today, T-Mobile users reported an alarming issue where they were able to view the account and billing details of ...
Best Anonymous Crypto Wallet

Best Anonymous Crypto Wallet

Many Bitcoin users value their anonymity. You must ensure that your personal information and digital assets are ...
0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *