Hackers Can Take Control of Your PC Using a WinRAR Vulnerability
A new WinRAR security flaw endangers more than half a billion users of the WinRAR archiver. Opening a RAR archive generated by the attackers allows arbitrary code to be executed on the victim’s machine. The WinRAR vulnerability was discovered by a researcher, “goodbyeselene” of Zero Day Initiative, who reported the flaw to the vendor, RARLAB, on June 8th, 2023.
The Hacking via WinRAR security flaw has become easy for cybercriminals. The vulnerability is tracked under the identifier CVE-2023 -40477 and allows a remote attacker to execute arbitrary code on the attacked machine using a specially prepared archive file with the RAR extension. Because this particular exploit requires user interaction (you need to open a malicious archive), it has received a severity rating of 7.8 from CVSS. WinRAR user needs strategies in protecting against WinRAR exploits.
Consequences of a WinRAR Vulnerability
Using vulnerabilities in WinRAR, attackers can hack into other people’s computers, gain full control over them, and do whatever they want. They can organize botnets, steal personal files, block the system, encrypt valuable data, and much more.
WinRAR developers have already eliminated all the vulnerabilities found, but the updated version of the program has yet to be released. To protect yourself from hacker attacks using WinRAR, it is enough to refrain from downloading archives from uncertain sites. You should also avoid downloading any files in emails from recipients you do not know.
Protect Yourself from the WinRAR Vulnerability
There is a need for a WinRAR vulnerability attack prevention plan. Update to 6.23 since it fixes this issue and other changes and improvements, so you must download this new package as soon as possible if you haven’t already.
The “virus” would come in the form of a compressed file; it can be a website, a video, or anything else. As soon as you unzip the file, the hackers will instantly gain access to your computer. From there, they could execute commands that would expose you to threats.
The hackers can also use this attack as a ransomware where all the files on your system will be compressed and locked. You’ll only gain the access back once you pay money (ransom) to the attackers. The cybersecurity for WinRAR users plays a very important role in securing computers.
Fixing the WinRAR Vulnerability
The mitigating PC risks from WinRAR vulnerability requires multiple steps, e.g., using antivirus, updating your WinRAR software, and regularly backing up your files.
To fix the issues, a WinRAR security update is needed. To patch the WinRAR vulnerability, download the latest WinRAR release or check if you have version 6.32 or later. Even if you’re not worried about this particular vulnerability, updating WinRAR will patch previous bugs and exploits. It may also provide some UI improvements, assuming you haven’t updated in years.
Conclusion
If you use WinRAR to manage the compression and decompression of RAR archives, update the utility without further delay. A serious WinRAR security flaw discovered in the software could allow hackers to execute arbitrary code when opening a compressed RAR file.
The sources for this piece include an article in The Hacker News and Bleeping Computer.