Security News

A WinRar zero-day vulnerability tracked as CVE-2023-38831 was actively exploited to install malware when clicking on harmless files in an archive, allowing the hackers to breach online cryptocurrency trading accounts. The vulnerability has been under active exploitation since April 2023, helping distribute various malware families, including DarkMe, GuLoader, and Remcos RAT. The WinRAR zero-day vulnerability allowed the threat actors to create malicious.

A high-severity security flaw has been disclosed in the WinRAR utility that could be potentially exploited by a threat actor to achieve remote code execution on Windows systems. Tracked as CVE-2023-40477, the vulnerability has been described as a case of improper validation while processing recovery volumes.

Users of the popular WinRAR compression and archiving tool should update now to avoid a vulnerability that allows code to be run when a user opens a RAR file. WinRAR is one of the many apps available for compressing and packaging multiple files together for distribution or archiving, and is claimed as the world's most popular compression tool with over 500 million users worldwide.

A widely used Windows-only utility, WinRAR can create and extract file archives in various compression formats. CVE-2023-40477 is a remote code execution vulnerability that could allow remote threat actors to execute arbitrary code on an affected WinRAR installation.

The flaw is tracked as CVE-2023-40477 and could give remote attackers arbitrary code execution on the target system after a specially crafted RAR file is opened.RARLAB released WinRAR version 6.23 on August 2nd, 2023, effectively addressing CVE-2023-40477.