Still using WinRAR? It has a worrying security flaw that could let hackers hijack your Windows device

Security researchers uncover new flaw in WinRAR
The flaw allowed threat actors to bypass Mark of the Web and deploy malware to Windows devices without warning
WinRAR released a new version to fix the bug, so update now

Experts have uncovered a flaw in WinRAR which could allow threat actors to bypass the Mark of the Web (MotW) and deploy malware on people’s computers.

The vulnerability was discovered by Japanese researcher Shimamine Taihei from the Mitsui Bussan Secure Directions, and is now tracked as CVE-2025-31334, and was given a severity score of 6.8/10 (medium).

MotW is a security mechanism that displays a warning when an executable file is downloaded from the internet. It is built into Windows and serves as an additional layer of security, warning people that files downloaded from the internet might be dangerous – however, there is a way to work around the warning when a file is shared in an archived format.

Symlink

“If symlink pointing at an executable was started from WinRAR shell, the executable Mark of the Web data was ignored,” WinRAR explained the vulnerability.

A symlink (short for symbolic link) is a shortcut or alias to a file or folder. Instead of copying a file, a symlink just points to it. Therefore, a hacker could create a symlink pointing to an executable with MotW, and if a victim runs it, the MotW wouldn’t show.

The vulnerability was found in all older versions of WinRAR, and it was addressed in version 7.11, which is now available for download.

Ever since Mark of the Web was introduced, cybercriminals have been looking for different ways to bypass it and deliver malware without warning.

In late January 2025, 7-Zip patched a major flaw that enabled just that. It is tracked as CVE-2025-0411 and was given a high severity score, 7/10. Earlier still, in 2022, researchers found a password-protected .ZIP file with an .ISO file inside that was able to bypass MotW.

To mitigate the risk, users should always keep their archivers up to date, and be vigilant when downloading files from the internet.

Via BleepingComputer

Source link

Breaking News

Google DeepMind creates super-advanced AI that can invent new algorithms

Ms. Marvel and Bad Boys directors are adapting extreme sports video game Riders Republic into a feature-length movie

Switch 2 Specs Fully Leak, and Here’s Why You Shouldn’t Care

Jack Draper: Tim Henman and Laura Robson say British No 1 should not to be so hard on himself after Italian Open exit | Tennis News

Netflix will show generative AI ads midway through streams in 2026

Elon Musk’s Grok AI Can’t Stop Talking About ‘White Genocide’

Costco Ready-to-Eat Sandwiches Recalled Due to Listeria

King of the Hill is back with a first look that has everyone but Hank living in the 21st century

Beyond qubits: Meet the qutrit (and ququart)

Google DeepMind creates super-advanced AI that can invent new algorithms

Ms. Marvel and Bad Boys directors are adapting extreme sports video game Riders Republic into a feature-length movie

Switch 2 Specs Fully Leak, and Here’s Why You Shouldn’t Care

Jack Draper: Tim Henman and Laura Robson say British No 1 should not to be so hard on himself after Italian Open exit | Tennis News

Still using WinRAR? It has a worrying security flaw that could let hackers hijack your Windows device

More From Author

Google DeepMind creates super-advanced AI that can invent new algorithms

Ms. Marvel and Bad Boys directors are adapting extreme sports video game Riders Republic into a feature-length movie

Switch 2 Specs Fully Leak, and Here’s Why You Shouldn’t Care

+ There are no comments

Cancel reply

Nintendo of America president says ‘tariffs were not factored into the price’ of the Switch 2 and weighs in on the price of games

Shake Shack’s Latest Shake Is a Tribute to the Viral Dubai Chocolate Bar

You May Also Like:

Google DeepMind creates super-advanced AI that can invent new algorithms

Ms. Marvel and Bad Boys directors are adapting extreme sports video game Riders Republic into a feature-length movie

Switch 2 Specs Fully Leak, and Here’s Why You Shouldn’t Care

Jack Draper: Tim Henman and Laura Robson say British No 1 should not to be so hard on himself after Italian Open exit | Tennis News

Netflix will show generative AI ads midway through streams in 2026

Elon Musk’s Grok AI Can’t Stop Talking About ‘White Genocide’

Costco Ready-to-Eat Sandwiches Recalled Due to Listeria

King of the Hill is back with a first look that has everyone but Hank living in the 21st century

Breaking News

Top Tagged

+ There are no comments

Nintendo of America president says ‘tariffs were not factored into the price’ of the Switch 2 and weighs in on the price of games

Shake Shack’s Latest Shake Is a Tribute to the Viral Dubai Chocolate Bar