“These recent campaigns exploiting the WinRAR bug underscore the importance of patching and that there is still work to be done to make it easy for users to keep their software secure and up-to-date.” (The Verge)

“The widespread exploitation of the WinRAR bug highlights that exploits for known vulnerabilities can be highly effective, despite a patch being available,” says TAG. The exploit has also been used to target cryptocurrency trading accounts since April 2023.

That’s right, it’s 2023, and one of the most popular Windows apps still doesn’t have an auto-update feature. “TAG has observed government-backed actors from a number of countries exploiting the WinRAR vulnerability as part of their operations.”

WinRAR versions 6.24 and 6.23 both include a fix for the security hole, but the app doesn’t update automatically, so you’ll have to manually download and install the patch. “A patch is now available, but many users still seem to be vulnerable,” says TAG in a blog post detailing the WinRAR exploit.

In August 2023, RARLabs released an updated version of WinRAR that included fixes for several security-related bugs. One of those bugs, later assigned CVE-2023-38831, is a logical vulnerability within WinRAR causing extraneous temporary file expansion when processing crafted archives, combined with a quirk in the implementation of Windows’ ShellExecute when attempting to open a file with an extension containing spaces. The vulnerability allows attackers to execute arbitrary code when a user attempts to view a benign file (such as an ordinary PNG file) within a ZIP archive.

Cybercrime groups began exploiting the vulnerability in early 2023, when the bug was still unknown to defenders.
In recent weeks, Google’s Threat Analysis Group (TAG) has observed multiple government-backed hacking groups exploiting the known vulnerability, CVE-2023-38831, in WinRAR, a popular file archiver tool for Windows.
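For defenders triaging inbound ZIP attachments, the "extension containing spaces" trait described above can be checked before an archive reaches a user. The following is an added example, not code from TAG, RARLabs or the original post; the function names and the sample archive are constructed for illustration.

```python
import io
import zipfile


def extension_of(entry_name):
    """Return the extension of the last path component, or "" if there is none."""
    # ZIP names use "/", but tolerate "\" written by non-conforming tools.
    leaf = entry_name.replace("\\", "/").rstrip("/").rsplit("/", 1)[-1]
    stem, dot, ext = leaf.rpartition(".")
    # A leading dot (".hidden") or no dot at all means no extension.
    return ext if dot and stem else ""


def scan_zip(data):
    """Return the entry names whose extension contains whitespace."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile as exc:
        raise ValueError("not a readable ZIP archive") from exc
    return [n for n in names if any(c.isspace() for c in extension_of(n))]


def build_sample():
    """Constructed sample: one entry with a trailing space in its extension."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in (
            "docs/readme.txt",
            "docs/invoice.pdf ",   # extension "pdf " -> flagged
            "notes",               # no extension
            "img/photo .png",      # space in the stem only -> not flagged
            "a.b c/file.txt",      # dot and space in a directory name only
            "archive.tar.gz",
        ):
            zf.writestr(name, b"constructed sample content")
    return buf.getvalue()


if __name__ == "__main__":
    for name in scan_zip(build_sample()):
        print("review before opening:", repr(name))
```

A hit is a naming trait worth reviewing, not proof of an exploit attempt; installing WinRAR 6.23 or later remains the fix.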