Critical Vulnerability Found in WinRAR Could Affect Millions of Users



A security vulnerability has been found in WinRAR, a file archiver and compressor utility for Windows that is estimated to be used by more than half a billion users. The vulnerability, if exploited, allows remote attackers to execute system specific code to compromise a computer.
A proof-of-concept exploit for WinRAR SFX v5.21 has been published. Iranian researcher Mohammad Reza Espargham reported the vulnerability to Full Disclosure, a popular forum for disclosure of security information. "The vulnerability allows unauthorised remote attackers to execute system specific code to compromise a target system," he said.
The vulnerability is said to affect all versions of WinRAR SFX, making its users extremely prone to attacks. Security firm Malwarebytes has independently confirmed the existence of the critical vulnerability in the application.
The vulnerability, if exploited, allows a remote attacker to execute malicious code when a victim tries to unzip an SFX archive file, a type of RAR file that is often used to safeguard executable files. "Basically, the attack uses the option to write HTML code in the text display window when creating a SFX archive," writes Malwarebytes.
What makes the vulnerability, which has been flagged as critical, even more alarming is that it requires very little user interaction. If the affected file is opened, the malware could compromise the device or network. As of now, the vulnerability is yet to be patched.
For that reason, you should be extra careful while handling any SFX archive, and probably not open an SFX file that you have received from an untrusted source. This is a good rule to follow for any file on the Internet, of course, and even more so for self-executing files like exe and SFX. WinRAR developer RARLAB has meanwhile responded to the issue, saying, "Executable files are potentially dangerous by design. Run them only if they are received from a trustworthy source. WinRAR self-extracting (SFX) archives are not less or more dangerous than other exe files."