Thursday, February 21, 2019

WinRAR’s latest patch fixes a 19-year-old security issue

Proving that you can teach an old dog new tricks, WinRAR has patched a 19-year-old security vulnerability that allowed nefarious ne’er-do-wells to access your computer.

Researchers at Check Point Software Technologies found that they could gain full access to a computer by exploiting a security flaw with the outdated ACE archive format.

Haven’t heard of ACE? Don’t worry about it.The only way to create an ACE archive was using WinACE, a piece of software that hasn’t seen an update since 2007, and indeed WinRAR’s support for ACE was reliant on a practically antique DLL file from 2006.

Related: Best PC Games

Sadly, this DLL file was the problem as it is insecure and the researchers at Check Point Software Technologies found they were able to rename an ACE file to give ita  RAR extension to get WinRAR to extract a malicious program into the startup folder of a computer, meaning it’ll kick into gear each time a computer boots up.

You can read about the process here, and it’s worth looking into only for a glimpse at how you can be totally blindsided by the smallest thing. It’s also worth reading because if you’re one of the 500m WinRAR users around the world, you actually have been blindsided by this for the last few years.

Luckily, team WinRAR has now patched this security hole with version 5.70 beta 1, which users should hop on board with as quickly as possible, just to ensure you aren’t still vulnerable. However, rather than working out the problem with the issue and fixing it, WinRAR’s developers have instead opted to just kill off their support for ACE entirely. It seems fair because, again, the software to make ACE archives hasn’t been updated since 2007. 12 years is a long time in cybersecurity.

We’ve reached out to security firm Kapersky:

Related: MWC 2019

Updating your WinRAR today? Come commiserate with us on Twitter at @TrustedReviews.

The post WinRAR’s latest patch fixes a 19-year-old security issue appeared first on Trusted Reviews.



from Trusted Reviews https://ift.tt/2Xg3r8I

Labels:

posted by Kingston @ 9:13 AM   0 Comments

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home