What you need to know
- WinRAR has a serious security issue that’s been utilized by attackers, including government-backed actors.
- Fixes for the issue are already available, but many systems may still be vulnerable due to the fact that WinRAR must be updated manually.
- If the vulnerability is utilized, attackers can execute arbitrary code when a user opens certain files, which can used for a variety of attacks.
WinRAR has a serious security vulnerability that has been used by attackers, including government-backed hacking groups. The issue was discovered by Google’s Threat Analysis Group (TAG), which discussed the problem in depth in a blog post.
If the vulnerability is utilized, threat actors can attack systems in a variety of ways. The issue allows an attacker to execute arbitrary code when someone opens a zipped file.
Security patches for the vulnerability are already available, but some users and organizations may not have installed them that. That is, in part, due to the fact that WinRAR does not update automatically. That means, anyone using the piece of software needs to seek out the update manually.
“Cybercrime groups began exploiting the vulnerability in early 2023, when the bug was still unknown to defenders. A patch is now available, but many users still seem to be vulnerable,” said Google’s TAG.
“TAG has observed government-backed actors from a number of countries exploiting the WinRAR vulnerability as part of their operations.”
WinRAR version 6.24 and the older version 6.23 have fixes for the vulnerability. You can find those updates on the RARLAB website.
What is WinRAR?
WinRAR is a piece of software used to archive, encrypt, and compress folders into a single file. The .rar file format is a common alternative to the .zip format, thanks to the better encryption and compression algorithms used by .rar.
While WinRAR is a useful piece of software used by over half a billion people, it is perhaps more famous as a meme or as the butt of jokes. WinRAR famously has a “trial” period that’s easy to circumvent, allowing users to access WinRAR for free forever. Jokes about purchasing WinRAR are common in tech circles.
When Microsoft announced native support for the .rar file format, WinRAR shared a meme on Twitter (now called X).
Native .rar support has since rolled out to Windows through the Windows 11 October 2023 Update. While the operating system supports .rar natively, some may still prefer to use WinRAR.
