Latest in Gear

Image credit: ValeryBrozhinsky via Getty Images

WinRAR patched 19-year-old bug that left millions vulnerable

WinRAR gets back at us all for hitting “next time” when prompted to pay.
822 Shares
Share
Tweet
Share

Sponsored Links

ValeryBrozhinsky via Getty Images

Remember that early 2000s software that extracted .zip files and just about any other file archive on your Windows PC, WinRAR? The one that constantly bugged you to buy it but could be duped by clicking "next time"? Well, if you're one of the 500 million people who've used WinRAR over the years, the joke's on you. Researchers at Check Point Research uncovered a 19-year-old bug that created a security breach in your hard drive.

In a detailed blog post, Check Point explained that by renaming an ACE file with a RAR extension, hackers could manipulate WinRAR to extract a malicious program to a computer's startup folder. The program would then run automatically when your computer started. Check Point says the flaw existed for 19 years. In response to the blog post, WinRAR was quick to patch the vulnerability, releasing a version 5.70 beta 1 in which it dropped support for ACE archives. Turns out the company was using a third party tool to unpack ACE archives anyway, and it hadn't been updated since 2005.

There haven't been any reported attacks using this bug. But 19 years is a pretty long-time to have a flaw like this, and with 500 million users potentially exposed, we'd say this is a major oversight on WinRAR's part. If you are one of the millions still using WinRAR, this would be a good time to update the software. The lesson for all of us is that what you did on your PC 20 years ago can indeed come back to haunt you.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
822 Shares
Share
Tweet
Share

Popular on Engadget

Amazon cuts the price of the 7-in-1 Ninja Foodi cooker to $125

Amazon cuts the price of the 7-in-1 Ninja Foodi cooker to $125

View
Polestar's latest concept EV is designed for sustainability

Polestar's latest concept EV is designed for sustainability

View
How exactly does 5G work?

How exactly does 5G work?

View
NASA says its InSight lander has detected over 450 'marsquakes'

NASA says its InSight lander has detected over 450 'marsquakes'

View
The Morning After: Netflix's new Top 10 lists tell you what's popular

The Morning After: Netflix's new Top 10 lists tell you what's popular

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr