A WinRAR Security Vulnerability may Let More than 500 Million Users at Risk

As a widespread file manage tool, WinRAR has been influenced by various negative bug reports in the past several years. This Week, a report shows that there is a serious security bug in WinRAR UNACEV2.dll codebase. This bug gives access to attackers for running any malicious code after open the “booby-trapped” files.

Until now, according to Check Point Research report, more than 500 million users have been put into risk worldwide. As attackers can run WinRAR without any permission, and then they could randomly put malicious files into victim’s Windows startup folder by using that bug. Then users will get malicious files running while start up their PC next time, and the attackers will get a full chance to control the victim’s computer.

To solve this problem, users can uninstall WinRAR or upgrade to WinRAR 5.70. Since WinRAR is necessary for most users, we recommend updating to the latest WinRAR 5.70, which has deleted UNACEV2.dll files and stopped supporting the attacked ACE Archive format. Users can download WinRAR 5.70 to fix the bug here:  

WinRAR 5.70 Download (link: https://www.win-rar.com/)

Users can also try IObit Software Updater as an alternative solution. It can automatically update the outdated software in time. You can set automatic updates for any outdated programs inside IObit Software Updater for better use.