If you're one of the many PC users out there who use WinRAR to handle their compression-related tasks (it's still one of the most popular archive utilities), then you might want to make sure you update to WinRAR version 6.23. Grab it here.
The latest version of the shareware app patches a rather significant security flaw, tracked as CVE-2023-40477, that allows attackers to write to memory beyond the allocated buffer.
The flaw would give attackers code execution on the target system, though only after the victim opens a malicious RAR file. Still, it's a very serious vulnerability when someone can execute commands on your PC simply because you opened a RAR file, let alone extracted its contents. The fact that it requires the user to open a specific RAR file is what brought the flaw's severity rating down to 7.8.
Here's the official description of the flaw from Trend Micro's Zero Day Initiative (ZDI):
This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the processing of recovery volumes. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process.
RARLAB released WinRAR version 6.23 on August 2, 2023, addressing CVE-2023-40477. "A security issue involving out-of-bounds write is fixed in RAR4 recovery volumes processing code," the WinRAR 6.23 release notes state. "We are thankful to goodbyeselene working with Trend Micro Zero Day Initiative for letting us know about this bug."
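To make the bug class concrete, here is an added illustration (not WinRAR's code, and not the real RAR4 recovery-volume format) of the pattern ZDI describes: a length field read from an untrusted file is used to copy data into a fixed-size buffer. The constructed record layout (a 2-byte little-endian length followed by payload), the `copy_record_checked` function and the sample records are all assumptions made for this example. The comment shows the unchecked copy that produces an out-of-bounds write; the function itself validates the declared length against both the destination capacity and the remaining input before touching memory.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Illustrative record layout (constructed for this example, not RAR's real
 * recovery-volume format): a 2-byte little-endian declared payload length
 * followed by that many payload bytes. */
#define SLOT_CAPACITY 16
#define HEADER_LEN 2

enum parse_status {
    PARSE_OK = 0,
    PARSE_TRUNCATED_HEADER = 1,
    PARSE_LENGTH_EXCEEDS_SLOT = 2,
    PARSE_TRUNCATED_PAYLOAD = 3
};

/* Copy one record's payload into a fixed-size slot.
 * The unchecked pattern behind this bug class would be:
 *     memcpy(slot, in + HEADER_LEN, declared);
 * trusting 'declared' straight from the file, so a value larger than the
 * slot capacity writes past the end of 'slot' (an out-of-bounds write).
 * The version below rejects such a record before copying anything. */
enum parse_status copy_record_checked(const uint8_t *in, size_t in_len,
                                      uint8_t *slot, size_t slot_cap,
                                      size_t *out_len)
{
    if (in_len < HEADER_LEN)
        return PARSE_TRUNCATED_HEADER;
    size_t declared = (size_t)in[0] | ((size_t)in[1] << 8);
    if (declared > slot_cap)
        return PARSE_LENGTH_EXCEEDS_SLOT;      /* would overflow destination */
    if (declared > in_len - HEADER_LEN)
        return PARSE_TRUNCATED_PAYLOAD;        /* would read past the input */
    memcpy(slot, in + HEADER_LEN, declared);
    *out_len = declared;
    return PARSE_OK;
}

/* Constructed sample records (assumption: not taken from any real archive). */
static const uint8_t good_record[]      = { 0x05, 0x00, 'h', 'e', 'l', 'l', 'o' };
static const uint8_t oversized_record[] = { 0xff, 0x7f, 'x', 'x', 'x' }; /* declares 32767 bytes */
static const uint8_t truncated_record[] = { 0x0a, 0x00, 'a', 'b' };      /* declares 10, carries 2 */

/* Wrapper so each sample's outcome is a return value rather than a print. */
enum parse_status parse_sample(const uint8_t *rec, size_t rec_len, size_t *got)
{
    uint8_t slot[SLOT_CAPACITY];
    memset(slot, 0, sizeof slot);
    return copy_record_checked(rec, rec_len, slot, sizeof slot, got);
}

int main(void)
{
    size_t n = 0;
    printf("good:      status %d (%zu bytes copied)\n",
           parse_sample(good_record, sizeof good_record, &n), n);
    printf("oversized: status %d\n",
           parse_sample(oversized_record, sizeof oversized_record, &n));
    printf("truncated: status %d\n",
           parse_sample(truncated_record, sizeof truncated_record, &n));
    return 0;
}
```

The two separate checks matter: comparing the declared length only against the input size still lets a large value overflow the destination, and comparing it only against the destination still lets the copy read beyond the end of the file data. Both bounds must hold before the `memcpy` runs.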
As for the future of WinRAR, in May we reported that Windows 11 is getting native support for the RAR, TAR, 7-Zip, and GZ formats, eliminating the need for a third-party app. The support would work much like how Windows 11 handles Zip files, by integrating archive options within File Explorer.