large image

Trusted Reviews is supported by its audience. If you purchase through links on our site, we may earn a commission. Learn more.

WinRAR’s latest patch fixes a 19-year-old security issue

Proving that you can teach an old dog new tricks, WinRAR has patched a 19-year-old security vulnerability that allowed nefarious ne’er-do-wells to access your computer.

Researchers at Check Point Software Technologies found that they could gain full access to a computer by exploiting a security flaw with the outdated ACE archive format.

Haven’t heard of ACE? Don’t worry about it.The only way to create an ACE archive was using WinACE, a piece of software that hasn’t seen an update since 2007, and indeed WinRAR’s support for ACE was reliant on a practically antique DLL file from 2006.

Related: Best PC Games

Sadly, this DLL file was the problem as it is insecure and the researchers at Check Point Software Technologies found they were able to rename an ACE file to give ita  RAR extension to get WinRAR to extract a malicious program into the startup folder of a computer, meaning it’ll kick into gear each time a computer boots up.

You can read about the process here, and it’s worth looking into only for a glimpse at how you can be totally blindsided by the smallest thing. It’s also worth reading because if you’re one of the 500m WinRAR users around the world, you actually have been blindsided by this for the last few years.

Luckily, team WinRAR has now patched this security hole with version 5.70 beta 1, which users should hop on board with as quickly as possible, just to ensure you aren’t still vulnerable. However, rather than working out the problem with the issue and fixing it, WinRAR’s developers have instead opted to just kill off their support for ACE entirely. It seems fair because, again, the software to make ACE archives hasn’t been updated since 2007. 12 years is a long time in cybersecurity.

We’ve reached out to security firm Kapersky:

Related: MWC 2019

Updating your WinRAR today? Come commiserate with us on Twitter at @TrustedReviews.

Why trust our journalism?

Founded in 2004, Trusted Reviews exists to give our readers thorough, unbiased and independent advice on what to buy.

Today, we have millions of users a month from around the world, and assess more than 1,000 products a year.

author icon

Editorial independence

Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.

author icon

Professional conduct

We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.