If you use WinRAR, it’s time to update to the latest version after a serious security vulnerability has been discovered that is already being used by attackers. Google’s Threat Analysis Group (TAG) found that several government-backed hacking groups have been exploiting the WinRAR vulnerability since early 2023.
“A patch is now available, but many users still appear vulnerable,” says TAG in a blog post detailing the WinRAR exploit. “TAG has observed government-backed actors in several countries exploiting the WinRAR vulnerability as part of their operations.”
WinRAR 6.24 versions and 6.23 include a fix for the security hole, but the app does not update automatically, so you will have to download and install the patch manually. That’s right, it’s 2023 and one of the most popular Windows apps still doesn’t have an automatic update feature.
The WinRAR vulnerability allows attackers to execute arbitrary code when a Windows user opens something like a PNG file inside a ZIP archive. TAG describes the security exploit as “a logical vulnerability within WinRAR that causes a strange expansion of temporary files when processing crafted files, combined with a quirk in Windows’ ShellExecute implementation when attempting to open a file with an extension containing spaces” .
Attackers have used the exploit since early 2023.
The exploit has also been used to aim cryptocurrency trading accounts since April 2023. “The widespread exploitation of the WinRAR bug highlights that exploits for known vulnerabilities can be very effective, despite a patch being available,” says TAG. “These recent campaigns exploiting the WinRAR bug underscore the importance of patching and that there is still work to be done to make it easier for users to keep their software secure and up-to-date.”
This is not the first time that a major vulnerability has been discovered in WinRAR. In 2019, cybersecurity company Check Point investigation uncovered a 19-year-old code execution exploit that could give attackers full control over a victim’s computer.
You can download the latest WinRAR update right hereOr, if you’re running Windows 11, you can simply use the native support for 7-zip RAR archives that was included in the latest OS update.