If you are like many Windows computer users, you are likely to have WinRAR installed. The app is very handy, and millions of people use it to extract ZIP and RAR files. As a reputable software, we all assumed that the app is safe, until when it was revealed last month that there’s a bug in the app’s UNACEV2.DLL library, and the bug has been in the app for 19 years.
With the bug, it is reported that hackers can extract malicious software in victims’ startup folders, and the malicious software will fire when the computer is restarted. McAfee, the renowned antivirus company, made it clear that beyond extracting malicious software in the computer’s startup folder, the bug can also allow hackers to launch over 100 different hacking attacks.
Below is what the maker of the compression software has to say about the bug.
WinRAR has always been known for its wide support of all popular compression formats. A recent report by Check Point Software revealed a potential security vulnerability in the UNACEV2.DLL library, which was used in former versions of WinRAR to decompress ACE archives.
There haven’t been any reported attacks so far, but to provide WinRAR users with a stable and clean version, the final version of WinRAR 5.70 has been released. Since UNACEV2.DLL had not been updated since 2005 and access to its source code is not available, the decision was made to drop ACE archive support starting with WinRAR 5.70.
Now, after the launch of the final and stable version of WinRAR 5.70, upgrading immediately to the new 5.70 version is highly recommended.
To users who are not interested in an upgrade or who don’t find a localized version of WinRAR 5.70 yet, win.rar GmbH’s advice is to delete the UNACEV2.DLL file from their current WinRAR version to be reliably protected again.
All users of WinRAR 5.10 or any newer version can find the UNACEV2.DLL file in the WinRAR program folder. WinRAR users of versions older than 5.10, can find the UNACEV2.DLL file in the Formats subfolder of the WinRAR program.
From what the maker of WinRAR has stated, it can be concluded that to be safe, everybody that uses a Windows computer and has the app installed must upgrade it now. If not, hackers might start exploring the loopholes and start launching attacks.
To upgrade to version 5.70 of the app, which has the bug issue corrected, proceed to this link.
Leave a Reply