

ZIP might be the gold standard of consumer file compression, but if you’ve ever downloaded fonts, freeware, or any number of other things there’s a good chance you needed to uncompress a RAR archive somewhere along the way.


WinRAR is a shareware (“trialware”) application for making and extracting RAR and other kinds of archives.
Security researchers discovered some old code in WinRAR which could allow malicious software to be executed upon decompression if it is delivered in a certain format.


It’s very unlikely that you’ll be affected by this vulnerability, but it’s dead simple to fix the flaw. RARLAB have already removed the offending code from the latest version.

Check if you have WinRAR on your machine.
If you don’t find it in this step, stop; you’re done.

If you found it, navigate to

Download the installer for the latest version (5.70 as of this writing).
Run the installer, which will update WinRAR on your computer.
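
To script the check from the first step, and to confirm afterwards that the update took, here is an added PowerShell example (not part of the original post). It assumes WinRAR registers itself under the standard Windows uninstall registry keys with a two-digit minor version such as "5.61", and it compares against 5.70, the version named above.

```powershell
# Added example: list installed WinRAR copies and flag any older than 5.70.
# Assumption: WinRAR appears under the standard uninstall registry locations.
$fixed = [version]'5.70'
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$found = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'WinRAR*' }

if (-not $found) {
    Write-Output 'WinRAR not found in the uninstall registry; nothing to update.'
}
else {
    foreach ($app in $found) {
        # Prefer DisplayVersion (e.g. "5.61.0"); fall back to the number in
        # DisplayName (e.g. "WinRAR 5.61 (64-bit)") when it is missing.
        $text = "$($app.DisplayVersion) $($app.DisplayName)"
        if ($text -match '(\d+)\.(\d+)') {
            $installed = [version]("{0}.{1}" -f $Matches[1], $Matches[2])
            $status = if ($installed -lt $fixed) { 'UPDATE NEEDED' } else { 'OK' }
        }
        else {
            # No parsable version: report it rather than guess.
            $installed = $null
            $status = 'UNKNOWN VERSION - check manually'
        }
        [pscustomobject]@{
            Name     = $app.DisplayName
            Version  = $installed
            Location = $app.InstallLocation
            Status   = $status
        }
    }
}
```

A portable copy of WinRAR that was unpacked without running the installer will not show up in these registry keys, so a search of the disk for `WinRAR.exe` is still worth doing on shared machines.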
In case you want more information, here’s a list of the versions affected.
And I recommend you listen to the latest episode of Security Now!, where I initially heard about this.