Proving that you can teach an old dog new tricks, WinRAR has patched a 19-year-old security vulnerability that allowed nefarious ne’er-do-wells to access your computer.
Researchers at Check Point Software Technologies found that they could gain full access to a computer by exploiting a security flaw with the outdated ACE archive format.
Haven’t heard of ACE? Don’t worry about it.The only way to create an ACE archive was using WinACE, a piece of software that hasn’t seen an update since 2007, and indeed WinRAR’s support for ACE was reliant on a practically antique DLL file from 2006.
Related: Best PC Games
Sadly, this DLL file was the problem as it is insecure and the researchers at Check Point Software Technologies found they were able to rename an ACE file to give ita RAR extension to get WinRAR to extract a malicious program into the startup folder of a computer, meaning it’ll kick into gear each time a computer boots up.
You can read about the process here, and it’s worth looking into only for a glimpse at how you can be totally blindsided by the smallest thing. It’s also worth reading because if you’re one of the 500m WinRAR users around the world, you actually have been blindsided by this for the last few years.
Luckily, team WinRAR has now patched this security hole with version 5.70 beta 1, which users should hop on board with as quickly as possible, just to ensure you aren’t still vulnerable. However, rather than working out the problem with the issue and fixing it, WinRAR’s developers have instead opted to just kill off their support for ACE entirely. It seems fair because, again, the software to make ACE archives hasn’t been updated since 2007. 12 years is a long time in cybersecurity.
We’ve reached out to security firm Kapersky:
Related: MWC 2019
Updating your WinRAR today? Come commiserate with us on Twitter at @TrustedReviews.