A severe bug discovered by security researchers in the file archiving tool WinRAR might have been putting over 500 million users at risk for the past 19 years.
According to a report by zdnet.com, security researchers from Check Point Software discovered the vulnerability last 2018 which affects WinRAR versions released in the last 19 years.
The bug was reportedly found in the UNACEV2.DLL library responsible for processing files in ACE format which can trick users into opening a malicious archives that can plant malicious files outside the intended decompression path destination.
Following the discovered flaw, WinRAR devs released WinRAR 5.70 Beta 1 last month to address the bug.
WinRar then opted to drop support for ACE archive formats after losing its access to UNACEV2.DLL’s source code “to protect security of WinRAR users.”
(Photo source: arstechnica.com/ YouTube – Check Point Software Technologies, Ltd.)
