WinRAR developers have released a new version of the archiver with a fixed critical vulnerability that allows hackers to execute arbitrary code on victims’ computers, potentially laden with system takeover. In this respect informs Edition of Bleeping Computer.
The vulnerability was discovered on June 8, 2023, by goodselene, an independent information security researcher from the Zero Day Initiative. The bug received code CVE-2023-40477 and a criticality score of 7.8 out of 10.
The exploit of CVE-2023-40477 involves sending a malicious RAR archive to the victim. Next, the cybercriminal only needs to wait for the file to open. The optional code runs automatically.
To protect against such attacks, the user must install WinRAR 6.23. It appeared on August 2, 2023. The developers have decided to publicly release information about the currently closed issue.
Information about users affected by CVE-2023-40477 was not disclosed.
Previous “mysterious” hacker attack took it out American ground-based telescopes are malfunctioning.