Technology @lemmy.ml MazonnaCara89 @lemmy.ml 8 mo. ago

WinRAR has a major security bug

www.windowscentral.com WinRAR has a major security bug, and you have to install its fix manually

Attackers can utilize a bug to execute code on your PC when you open zipped files.

23 comments

Is it that you can keep using the free trial forever? /s
yeah it's called winrar
- Switch to 7-Zip now!
  
  scoop install 7zip.
  
  everytime.
This is the best summary I could come up with:

The issue was discovered by Google's Threat Analysis Group (TAG), which discussed the problem in depth in a blog post.

The issue allows an attacker to execute arbitrary code when someone opens a zipped file.

"Cybercrime groups began exploiting the vulnerability in early 2023, when the bug was still unknown to defenders.

"TAG has observed government-backed actors from a number of countries exploiting the WinRAR vulnerability as part of their operations."

While WinRAR is a useful piece of software used by over half a billion people, it is perhaps more famous as a meme or as the butt of jokes.

When Microsoft announced native support for the .rar file format, WinRAR shared a meme on Twitter (now called X).

The original article contains 333 words, the summary contains 119 words. Saved 64%. I'm a bot and I'm open source!
- Good bot!
TLDR Some folks just never update their software. Idk if this is just a Windows problem but damn. I remember reading about this 0-day months ago and thinking to myself malware groups will have a field day before the vulnerability finally becomes dead just because of this.
Again? Is it the same one with 7zip?
Maybe because of the fact that they can't pay their staff, because nobody pays to use their product.
- Except it's been developed and maintained by one guy, for the past 30 years
  
  Besides, the real money is from companies that pay for the licenses. Not individuals.
  
  Winrar dev gigachad ngl
- Congratulations, you're dumb as fuck!
- I've paid for winrar because I decided I've used it for the better half of my life and well kindly keep using it and getting rid of that pop up whilst also giving back to soldering i use regularly was the right choice for me.
  
  Likewise! Once I finally started making real money I tried to buy software I pirated early on. Even if I don’t currently use it.
- I paid for it 🤷 that's how devs can afford to keep working on their open source projects in the long run.
  
  Wrong wording due to posting early in the morning, meant any independent work...
  
  Winrar is... Not open source. Where did you get that from?
  
  I paid for it too. I mean fuck man. I’ve been using winrar for almost 30 years. That’s more than I can say for most things in my life. I figured it was the least I could do.

You've viewed 23 comments.