Prior to WinRAR version 6.23, attackers could run malicious code if a user opened a specially crafted RAR file.
The vulnerability, tracked as CVE-2023-40477 and classified as high severity, lies in how the program processes recovery volumes and stems from incorrect validation of user-supplied data.
As a result, attackers could access memory outside of the allocated buffer. Exploitation required user interaction: the victim had to visit a disguised malicious page or open a file.
Security researcher goodselene first discovered the vulnerability and reported it to the developers in early June. On August 17, WinRAR released update 6.23, which fixed the issue.
Source: Ferra
