WinRAR zero-day exploited since April to hack trading accounts

rhabarba · 2 years ago

WinRAR zero-day exploited since April to hack trading accounts

@bug@lemmy.one · 2 years ago

Is security not a merit?

@TheMadnessKing@lemdro.id · 2 years ago

Honestly, this is like the first time I heard WinRAR has this big security vulnerability. But I am still planning to stay on WinRAR given its easy to use UI and unlimited free trial.

rhabarba · 2 years ago

It is. Coincidentally, security was one of the reasons to uninstall 7-Zip.

morry040 · 2 years ago

The number of reported issues seems to be about the same with WinRAR: https://www.cvedetails.com/vulnerability-list/vendor_id-1914/product_id-3768/Rarlab-Winrar.html

@dan@upvote.au · edit-2 2 years ago

There’s barely any CVEs on that page. It’s likely a security researcher did some fuzzing of the executable and found a few issues at once.

Have you looked at how many vulnerabilities there’s been in things like Windows, MacOS, Chrome, etc?

rhabarba · 2 years ago

I have. The point is that there is no software without vulnerabilities.

@dan@upvote.au · 2 years ago

The point is that there is no software without vulnerabilities.

Definitely true, but that conflicts with this:

Coincidentally, security was one of the reasons to uninstall 7-Zip.

If you uninstalled software because of security, you wouldn’t have any software left :)

rhabarba · 2 years ago

Also true. I was probably too impatient when I bought a WinRAR license over night. But now I have it and I use it. :-)

@dan@upvote.au · 2 years ago

I’m sure they’re still celebrating someone purchasing a license :)

@averyminya@beehaw.org · 2 years ago

Y-you paid for WinRAR?

rhabarba · 2 years ago

I even own legitimate Total Commander and mIRC licenses!

@snowbell@beehaw.org · 2 years ago

Wow, a real unicorn! 🦄