(Alert) WinRAR Has a Major Security Vulnerability: You Need to Update WinRAR Right Now ⚠️
WinRAR Major Security Vulnerability
In recent weeks, Google's Threat Analysis Group (TAG) has identified a significant security threat within WinRAR, a popular Windows file archiver tool. Exploiting the known vulnerability, CVE-2023-38831, several government-backed hacking groups have been targeting users since early 2023. Despite a patch being available, many users remain at risk as these hackers continue to exploit the flaw.
The WinRAR Vulnerability
- A logical vulnerability, later assigned CVE-2023-38831, was discovered within WinRAR.
- The flaw combines unintended temporary file expansion, which occurs when WinRAR processes specific archives, with a quirk in Windows' ShellExecute function.
- Exploiting this vulnerability enables attackers to execute arbitrary code when a user attempts to open a benign file within a ZIP archive.
Hacker Exploitation
- Cybercriminals have been using this 0-day vulnerability since at least April 2023.
- The exploit was mainly employed in campaigns targeting financial traders, delivering various malware families.
- Shortly after the vulnerability was disclosed, proof-of-concepts and exploit generators appeared on public GitHub repositories.
- Both financially motivated and APT actors began testing the vulnerability, highlighting its attractiveness to malicious actors.
Urgent Need for Patching
- RARLAB released an updated WinRAR version in August 2023 to address this and other security-related issues.
- The recommended action is for all users to update their WinRAR installations immediately.
- Despite the availability of a patch, many users remain vulnerable to this attack.
Previous WinRAR Vulnerabilities
- This isn't the first time WinRAR has faced vulnerabilities. In 2019, a significant bug was fixed after persisting for 19 years.
- The fix for CVE-2023-38831 is available in WinRAR versions 6.23 and 6.24, but users must install the update manually.
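Because the update has to be installed by hand, it helps to check which machines still run a build older than 6.23. The PowerShell script below is an added example, not code from the article or from RARLAB. It assumes WinRAR registers itself under the standard Windows Uninstall registry keys with a DisplayName beginning with "WinRAR"; the function names are hypothetical.

```powershell
# Added example: report whether the local WinRAR install predates the fixed release.
# Assumption: WinRAR appears under the standard "Uninstall" registry keys with a
# DisplayName starting with "WinRAR" and a DisplayVersion such as "6.24.0".
$FixedVersion = [version]'6.23'   # earliest fixed version named in the article

$UninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function ConvertTo-WinRarVersion {
    param([string]$Text)
    # Keep only the leading dotted number; pre-release labels after it are ignored.
    if ($Text -match '(\d+\.\d+(\.\d+){0,2})') { return [version]$Matches[1] }
    return $null
}

function Get-WinRarInstall {
    Get-ItemProperty -Path $UninstallRoots -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'WinRAR*' } |
        ForEach-Object {
            # Prefer DisplayVersion; fall back to the number embedded in DisplayName.
            $v = ConvertTo-WinRarVersion $_.DisplayVersion
            if (-not $v) { $v = ConvertTo-WinRarVersion $_.DisplayName }

            if (-not $v)                  { $status = 'UNKNOWN' }
            elseif ($v -lt $FixedVersion) { $status = 'VULNERABLE' }
            else                          { $status = 'PATCHED' }

            [pscustomobject]@{
                Computer = $env:COMPUTERNAME
                Name     = $_.DisplayName
                Version  = $v
                Status   = $status
            }
        }
}

$found = @(Get-WinRarInstall)
if ($found.Count -eq 0) {
    Write-Output 'No WinRAR installation registered on this machine.'
} else {
    $found | Format-Table -AutoSize
}
# Non-zero exit code lets inventory or compliance tooling flag the host.
if ($found | Where-Object { $_.Status -ne 'PATCHED' }) { exit 1 }
```

A portable copy of WinRAR that was unpacked rather than installed will not appear in the registry, so a clean result here does not rule out an old `WinRAR.exe` elsewhere on disk.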
Conclusion
The exploitation of the WinRAR vulnerability by hackers emphasizes that even known vulnerabilities with available patches can be highly effective. This situation underscores the vital importance of keeping software up-to-date.
Google TAG will continue to provide threat intelligence, and in the meantime, organizations and users must ensure their software remains fully up-to-date to protect against potential security threats.
Download the latest version of WinRAR (Windows) from here: https://www.win-rar.com/fileadmin/winrar-versions/winrar/winrar-x64-624.exe