Urgent WinRAR update needed for critical security vulnerability discovered by Google TAG

Users of WinRAR are being advised to immediately update their software due to a critical security vulnerability discovered by Google's Threat Analysis Group (TAG). This flaw has been exploited by various government-sponsored hacking groups since early 2023. The vulnerability enables attackers to execute arbitrary code when a Windows user opens certain files within a ZIP archive. This can be resolved by updating to WinRAR versions 6.23 or 6.24. However, WinRAR lacks an auto-update feature, requiring users to manually download and install the patch.

TAG describes the exploit as a "logical vulnerability" in WinRAR leading to temporary file expansion when processing specific archives. This vulnerability is further compounded by a peculiarity in Windows' ShellExecute when dealing with files with spaces in their extensions. Attackers have exploited this vulnerability to target cryptocurrency trading accounts since April 2023.
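A defender-side check for the file-name trait described above, added here as an illustration and not taken from TAG or WinRAR: it lists ZIP members in which any path component has whitespace inside its extension. The function names and the sample archive contents are constructed for this example.

```python
import io
import zipfile


def suspicious_entries(zip_bytes: bytes) -> list[str]:
    """Return member names in which any path component has whitespace
    in its extension, e.g. 'invoice.pdf ' (note the trailing space)."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # ZIP always uses '/' as separator; drop empty parts from 'dir/'.
            parts = [p for p in info.filename.split("/") if p]
            for part in parts:
                if "." not in part:
                    continue
                ext = part.rsplit(".", 1)[1]  # text after the last dot
                if any(ch.isspace() for ch in ext):
                    flagged.append(info.filename)
                    break  # one hit per member is enough
    return flagged


def build_sample() -> bytes:
    """Constructed in-memory archive with harmless text payloads."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "ordinary file")
        zf.writestr("photos/trip 2023.jpg", "space in stem only")
        zf.writestr("invoice.pdf ", "space inside the extension")
        zf.writestr("backup/old.doc /a.txt", "space in a folder extension")
    return buf.getvalue()


if __name__ == "__main__":
    for name in suspicious_entries(build_sample()):
        print(repr(name))  # repr() makes the trailing space visible
```

A hit is a reason to inspect the archive before opening anything in it, not proof of malice; updating WinRAR remains the actual fix.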

An alternative solution for Windows 11 users is the latest OS update, which includes native support for RAR and 7-zip files, providing an extra layer of protection along with the essential WinRAR update.

by Mauricio B. Holguin

WinRAR is a globally recognized file archiver, boasting over 500 million users. It is renowned for its shell integration, AES-256 encryption, and command line interface. Despite its 3.6 rating, it remains a widely used compression tool. Top alternatives to WinRAR include 7-Zip, PeaZip, and Bandizip.

Comments

Tubby 9417
0

7-Zip gang. I know there is one feature from WinRAR that is not in 7-Zip, but I am not using it anyway.

Gu