Photo: Mas Jono (Shutterstock)
RARLAB has fixed a critical security vulnerability in the popular file compression software WinRAR. This vulnerability allows hackers to execute commands on your Windows PC if you simply open a malicious compressed file. If you use the software, you should update to it to version 6.23 or newer as soon as possible.
Security researcher goodbyeselene highlighted this bug on Zero Day Initiative (ZDI), as reported by Bleeping Computer. Antivirus software company Trend Micro runs ZDI, which financially rewards security researchers for reporting critical security vulnerabilities.
According to the log on ZDI, the WinRAR flaw allowed “remote attackers to execute arbitrary code on affected installations” of WinRAR. The log notes that you’re at risk only if you open a malicious file or visit an unsafe webpage. This isn’t a far-fetched scenario, however, because RAR is among the most popular formats for compressed files. Anyone who has tried to download large files has probably encountered RAR files at some point.
When you try to download software, music, games, or movies from unknown sources, you may find them packaged as RAR files. Malicious attackers could craft these RAR files in a way that could exploit this vulnerability and infect your PC. The only sure solution to avoid this problem is to update WinRAR immediately. RARLAB acknowledged and fixed this issue so there’s no reason to delay this latest software update.
That being said, many PC users may not need WinRAR for much longer. Windows 11 will soon add native support for RAR archives, which means you can create and extract RAR files without installing WinRAR at all. You can already try this feature on Windows Insider builds of the operating system, which you can register for from this page.
It’s worth noting that Insider builds of Windows are meant for testing upcoming features and shouldn’t be considered as an alternative to stable versions of the operating system. These builds could contain significant bugs that may hamper your use of your PC. You should be aware of the risks and back up everything important before you go ahead and install these builds.
Windows 11's support for RAR files includes basic features that are good enough for most people, but advanced users who create a lot of RAR archives may still prefer to use WinRAR. As long as you have WinRAR installed, you should update to 6.23 or newer versions of the software.