Of all the applications on your PC, the one you used to unzip files in college might seem like a pretty innocuous little program. After all this time, you may have even forgotten that you still had it installed on your machine.
Thanks to its lightweight design and never-ending free trial period, WinRAR was one of the most popular desktop applications of the early 2000’s.
Although its utility has been somewhat diminished by more modern file-sharing options, it’s still a common feature of many home computers. Chances are, you’ve used it at least a few times over the years.
Recently, however, a team of security experts from Check Point Research published a report detailing a security exploit in WinRAR that went undetected for 19 years. The team discovered the vulnerability while using an automated software testing tool called WinAFL to perform fuzz testing in Windows environments.
During these tests, the researchers found that hackers could use WinRAR to extract a malicious ACE program to a PC’s startup folder by simply disguising the ACE file as a RAR archive. Although this exploit went unnoticed for nearly two decades, the researchers estimate it could have put the personal data of 500 million users at risk.
The good news is, WinRAR was quick to patch the exploit after receiving the report from Check Point. As it turns out, WinRAR had been using a third-party tool to unzip ACE files that had not been updated in 14 years.
If WinRAR is still tucked away in the applications folder of your PC, now’s the time to update. While you’re at it, you might consider uninstalling some of the more outdated applications on your PC as well. Clearing out these old applications will not only free up valuable hard drive space on your machine, but also mitigate your exposure to potential security threats.