If you use Windows and you are a follower of the download, you’ve probably used WinRAR, like 500 million others. And perhaps even unwittingly, as it is part of software that installs by default on his machine. But the file compression utility contains a flaw, according to security researcher Mohammad Reza Espargham. According to him, the latest version of software (5.21) allow to remotely execute any malicious code.
No problem for developers of WinRAR
So when decompressing a type of SFX archive, HTML code inserted before compression can be executed. It can therefore instruct your computer to download software and install it without your consent and without you noticing. The principle was also demonstrated by the researcher on this video.
No comments:
Post a Comment