Users need to locate and download the patch themselves. WinRAR version 6.23 fixed the flaw, but the software does not update automatically. Security company Group-IB stated that cybercriminals have been exploiting this vulnerability to target the financial sector since at least April. An attack would be triggered when a user double-clicks on an archive to open WinRAR and then double-clicks an embedded file to access it without unpacking the archive. This could potentially allow attackers to access a target’s memory and remotely execute code. The Zero Day Initiative discovered the issue, a buffer overflow problem caused by insufficiently validated data, in June. Users who have not updated the popular file archiving program since then remain vulnerable. Google reports that malicious actors linked to the Russian and Chinese governments have recently initiated cyberattack campaigns using a WinRAR vulnerability that was addressed in August. Recent reports indicate that state-backed hackers are actively exploiting it, increasing the urgency of the situation. The latest version patches a vulnerability that has been known for months. PSA: If your WinRAR installation is older than version 6.23, released in August, you should update the software as soon as possible.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |