Over 500 million WinRAR users could have been exposed; update your software as soon as possible
A critical vulnerability in WinRAR,
the most popular Windows file compression tool, was recently fixed.
According to network security and ethical hacking specialists from the
International Institute of Cyber Security, the flaw could have allowed
malicious users to hijack the victim’s system; the only thing needed to
complete the attack was to deceive the user into opening a malicious file.
Although the vulnerability was discovered only
last month, the researchers say it affects all versions of WinRAR
released during the last 19 years.
WinRAR is used by over 500 million people
around the world and, according to network security specialists, all of
them could be affected. The news is not all bad, however: WinRAR
released an update to correct this vulnerability at the end of January.
A leaked technical report mentions that the
vulnerability resides in the UNACEV2.DLL library, which unpacks ACE format
files and is included in all versions of this tool. According to network
security specialists, it is possible to craft special ACE files that, when
extracted, use encoding errors in the UNACEV2.DLL library to place
malicious files outside the user-selected extraction path.
The researchers managed to drop malware into
the Startup folder of a Windows computer; it would run after the next
system restart and ultimately give them control of the infected computer.
The WinRAR team released WinRAR 5.70 Beta in January 2019 to correct this
vulnerability, tracked as CVE-2018-20250.
The developers of WinRAR reportedly lost access
to the source code of the library about 15 years ago, so they decided to drop
support for files in ACE format altogether. A large number of malicious
hackers are expected to try to exploit some variant of this vulnerability in
the near future.
As a precaution, users must remain alert and
not open any file in ACE format, unless they have the updated version of
Organizations that reward hackers for reporting
exploits have shown a special interest in vulnerabilities that affect tools
like WinRAR. Zerodium, for example, offers up to $100k USD for remote execution
vulnerabilities in WinRAR, 7-Zip, WinZip and tar (for Linux systems).
Interest in this kind of exploit is high
mainly because these applications are used in both home and
business networks, which makes them a considerable attack vector.