Highlights: WinRAR patches a 19-year-old security vulnerability. The vulnerability was discovered by Check Point Software Technologies. The vulnerability can potentially let attackers extract malicious software to any folder in the system. WinRAR, the popular Windows-exclusive file archival tool, has been around for over two decades now. A security vulnerability that’s nearly as old as the application itself was discovered by researchers at Check Point Software Technologies a couple of days ago. The researchers published their findings in a blog post along with a response they got from WinRAR. The vulnerability that allowed attackers to extract malicious software anywhere on the hard drive has been patched. The pundits at Check Point Software Technologies outline the potential risks of the vulnerability and steps to recreate it in their lengthy blog post. The short version is that the vulnerability basically allowed WinRAR users to extract a malicious program to any folder in the system including Windows’ Startup folder simply by changing the extension of the file from .ACE to .RAR. A malicious program that runs when Windows boots up could potentially cause irreparable damage to the system. “Aforementioned vulnerability makes possible to create files in arbitrary folders inside or outside of destination folder when unpacking ACE archives”, responded WinRAR on its website. “WinRAR used this third party library to unpack ACE archives. UNACEV2.DLL had not been updated since 2005 and we do not have access to its source code. So we decided to drop ACE archive format support to protect security of WinRAR users. We are thankful to Check Point Software Technologies for reporting this issue.” This is not the first time a security vulnerability like this has gone unnoticed and unpatched for long periods of time. A zero-day vulnerability capable of letting an exploit delete system files was discovered in Windows 10 by security researcher SandboxEscaper in October last year. More recently, an Indian security researcher found a Windows vulnerability that allowed hackers to take control of over 400 million Microsoft Store, Outlook, and Sway accounts. Related Read: New file-deleting Windows zero-day vulnerability unearthed Indian security researcher finds Microsoft vulnerability affecting 400 million users
from Latest Technology News https://ift.tt/2VerrY2
flipkart
Subscribe to:
Post Comments (Atom)
flipkart
Edit videos on your mobile phone using the YouTube Create App
YouTube has introduced its new mobile app called ‘YouTube Create’. This app offers an easy way for creators to edit their videos right from ...
- September 2023 (83)
- August 2023 (126)
- July 2023 (113)
- June 2023 (102)
- May 2023 (162)
- April 2023 (160)
- March 2023 (148)
- February 2023 (136)
- January 2023 (173)
- December 2022 (163)
- November 2022 (163)
- October 2022 (181)
- September 2022 (178)
- August 2022 (174)
- July 2022 (136)
- June 2022 (125)
- May 2022 (146)
- April 2022 (130)
- March 2022 (143)
- February 2022 (132)
- January 2022 (145)
- December 2021 (157)
- November 2021 (239)
- October 2021 (269)
- September 2021 (270)
- August 2021 (212)
- July 2021 (252)
- June 2021 (225)
- May 2021 (184)
- April 2021 (181)
- March 2021 (343)
- February 2021 (299)
- January 2021 (320)
- December 2020 (334)
- November 2020 (305)
- October 2020 (318)
- September 2020 (340)
- August 2020 (347)
- July 2020 (337)
- June 2020 (310)
- May 2020 (308)
- April 2020 (418)
- March 2020 (316)
- February 2020 (282)
- January 2020 (329)
- December 2019 (323)
- November 2019 (393)
- October 2019 (403)
- September 2019 (386)
- August 2019 (454)
- July 2019 (579)
- June 2019 (509)
- May 2019 (697)
- April 2019 (725)
- March 2019 (746)
- February 2019 (702)
- January 2019 (932)
- December 2018 (758)
- November 2018 (729)
- October 2018 (835)
- September 2018 (838)
- August 2018 (548)
- March 2018 (24)
-
Now that the first Developer Preview of the next version of Android has gone live, we can expect to see more and more reports of upcoming fe...
-
Huawei, it seems, cannot seem to steer away from controversy around its smartphones’ camera capabilities. This time, a Chinese photographer ...
-
OnePlus could be on the road to launch its first smartwatch very soon. A report recently surfaced that reveals a listing on Indonesia's ...
No comments:
Post a Comment