104

WinRAR zero-day exploited since April to hack trading accounts (www.bleepingcomputer.com)

submitted 1 year ago by tux0r@feddit.de to c/technology@beehaw.org

22 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[-] bug@lemmy.one 36 points 1 year ago

Is security not a merit?

[-] TheMadnessKing@lemdro.id 4 points 1 year ago

Honestly, this is like the first time I heard WinRAR has this big security vulnerability. But I am still planning to stay on WinRAR given its easy to use UI and unlimited free trial.

[-] tux0r@feddit.de 2 points 1 year ago

It is. Coincidentally, security was one of the reasons to uninstall 7-Zip.

[-] dan@upvote.au 16 points 1 year ago* (last edited 1 year ago)

There's barely any CVEs on that page. It's likely a security researcher did some fuzzing of the executable and found a few issues at once.

Have you looked at how many vulnerabilities there's been in things like Windows, MacOS, Chrome, etc?

[-] tux0r@feddit.de 3 points 1 year ago

I have. The point is that there is no software without vulnerabilities.

[-] dan@upvote.au 11 points 1 year ago

The point is that there is no software without vulnerabilities.

Definitely true, but that conflicts with this:

Coincidentally, security was one of the reasons to uninstall 7-Zip.

If you uninstalled software because of security, you wouldn't have any software left :)

[-] tux0r@feddit.de 2 points 1 year ago

Also true. I was probably too impatient when I bought a WinRAR license over night. But now I have it and I use it. :-)

[-] averyminya@beehaw.org 9 points 1 year ago

Y-you paid for WinRAR?

[-] tux0r@feddit.de 3 points 1 year ago

I even own legitimate Total Commander and mIRC licenses!

[-] snowbell@beehaw.org 2 points 1 year ago

Wow, a real unicorn! 🦄

[-] dan@upvote.au 8 points 1 year ago

I'm sure they're still celebrating someone purchasing a license :)

[-] morry040@kbin.social 9 points 1 year ago

The number of reported issues seems to be about the same with WinRAR: https://www.cvedetails.com/vulnerability-list/vendor_id-1914/product_id-3768/Rarlab-Winrar.html

this post was submitted on 24 Aug 2023

104 points (100.0% liked)

Technology

37712 readers

152 users here now

A nice place to discuss rumors, happenings, innovations, and challenges in the technology sphere. We also welcome discussions on the intersections of technology and society. If it’s technological news or discussion of technology, it probably belongs here.

Remember the overriding ethos on Beehaw: Be(e) Nice. Each user you encounter here is a person, and should be treated with kindness (even if they’re wrong, or use a Linux distro you don’t like). Personal attacks will not be tolerated.

Subcommunities on Beehaw:

This community's icon was made by Aaron Schneider, under the CC-BY-NC-SA 4.0 license.

founded 2 years ago

MODERATORS

alyaza@beehaw.org

TheRtRevKaiser@beehaw.org

gyrfalcon@beehaw.org

rs5th@beehaw.org

coldredlight@beehaw.org

Los@beehaw.org

SemioticStandard@beehaw.org

TheRtRevKaiser@kbin.social

remington@beehaw.org