WinRAR fixes 19-year-old bug which exposed 500 million users

Since its launch in the late 1990s, WinRAR has remained one of the most popular software used to open compressed files. Not only could the software be used to zip or unzip files in various formats including .zip .rar .7Z .ISO but it does all this and more absolutely free of cost. While it is not totally free as users would still be prompted to purchase a copy, all one had to do was click on ‘Next Time’.

While many considered this a boon, a recent report suggests every time one clicks on ‘Next Time’, the user is exposing his computer to hackers who could use the opportunity to access their system.

According to the report published by Check Point Research, over 500 million have been using the software for over 19 years while there was a serious security exploit.

The report says, the bug in WinRAR’s extention file lets hackers to rename an ACE file which in turn allows hackers have access to the computer’s startup folder and install a program. Once the program was installed, it would run automatically when your system booted.

The researchers in their blog post have explained how they discovered the bug and also uploaded a short video to educate users about how the exploit worked.

After the researchers informed WinRAR about the critical bug, the software company was quick to respond. They patched the exploit by releasing a software update with the version 5.70 beta 1 which supports ACE archives.

Before this update, WinRAR was using a third-party tool to unzip ACE files which had not been updated since 2005.

WinRAR stated that the bug was not attacked and there were no reports of the same. However, it is alarming that the virus went unnoticed for almost two decades which could have potentially exposed data of over 500 million users.