Patched WinRAR Bug Still Under Active Attack – Thanks to No Auto-Updates


Various cyber criminal groups and individual hackers are still exploiting a recently patched critical code execution vulnerability in WinRAR, a popular Windows file compression application with 500 million users worldwide.

Why? Because the WinRAR software doesn’t have an auto-update feature, which, unfortunately, leaves millions of its users vulnerable to cyber attacks.

The critical vulnerability (CVE-2018-20250) that was patched late last month by the WinRAR team with the release of WinRAR version 5.70 beta 1 impacts all prior versions of WinRAR released over the past 19 years.

Read more…
Source: The Hacker News