WinRAR version 6.23 patches up a very serious security flaw, so make sure you update now

A security flaw would let hackers run code on a PC after a user simply opened the wrong RAR file; thankfully, it has been resolved in WinRAR version 6.23.


If you're one of the many PC users out there who use WinRAR to handle their compression-related tasks (it's still one of the most popular archive utilities), then you might want to make sure you update to WinRAR version 6.23.

The latest version of the shareware app patches a rather significant security flaw, tracked as CVE-2023-40477, that allows hackers to access memory beyond the allocated buffer.

The flaw would give hackers code execution on the target system, though only after the user opens a malicious RAR file. Still, you're looking at a very serious vulnerability when someone can execute commands on your PC simply because you opened a RAR file, let alone extracted its contents. The fact that it requires the user to open a specific RAR file dropped the security flaw's severity rating to 7.8.

Here's the official description of the flaw from Zero Day Initiative.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the processing of recovery volumes. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.

RARLAB released WinRAR version 6.23 on August 2, 2023, addressing CVE-2023-40477. "A security issue involving out-of-bounds write is fixed in RAR4 recovery volumes processing code," read the latest WinRAR patch notes. "We are thankful to goodbyeselene working with Trend Micro Zero Day Initiative for letting us know about this bug."

As for the future of WinRAR, in May, we reported that Windows 11 is getting native support for RAR, TAR, 7-Zip, and GZ formats - eliminating the need for a third-party app. The support would work much like how Windows 11 handles Zip files - by integrating archive options within File Explorer.

Kosta might be a relatively new member of TweakTown, but he’s a veteran gaming journalist that cut his teeth on well-respected Aussie publications like PC PowerPlay and HYPER back when articles were printed on paper. A lifelong gamer since the 8-bit Nintendo era, it was the CD-ROM-powered 90s that cemented his love for all things games and technology. From point-and-click adventure games to RTS games with full-motion video cut-scenes and FPS titles referred to as Doom clones. Genres he still loves to this day. Kosta is also a musician, releasing dreamy electronic jams under the name Kbit.
