Jump to content
  • WinRAR 6.02 update includes security improvements

    Karlston

    • 856 views
    • 2 minutes
     Share


    • 856 views
    • 2 minutes

    WinRAR 6.02 update includes security improvements

     

    WinRAR is a popular commercial archive creation and extraction program, best known for supporting the RAR archive format.

     

    WinRAR 6.02 was released earlier today and is available for download on the official website already. The update introduces important security improvements as well as other non-security related improvements and bug fixes.

     

    A click on Help > About WinRAR displays the installed version on the device.

     

    winrar 6.02

     

    The official WinRAR 6.02 changelog lists two security-related improvements. The application uses HTTPS instead of HTTP from now on for its web notification window, home page and themes links. Additional checks have been implemented to make the web notifier more robust against potential threats.

     

    An attacker needed to use advanced attacks that involved spoofing or gaining control over the DNS settings of a device, but would be able to use malicious webpages to execute existing files on a user system, if executed correctly. The move to HTTPS prevents this attack scenario entirely.

     

    The second security-related change improves the handling of malformed archives. WinRAR 6.01 prevented the extraction of contents already, but WinRAR 6.02 improves that by refusing to process SFX (self-extracting) commands stored in archive comments if the comments reside after the beginning of the Authenticode digital signature; this is done to prevent attacks that abuse the loophole.

     

    On the usability side, improvements are found in several areas. Error messages thrown by SFX archives will provide users with additional information in WinRAR 6.02. Previously, errors stated "cannot create file" only, which did not reveal the reason for the error. In WinRAR 6.02, the error will provide details, such as "access denied" or "file in use" when possible.

     

    WinRAR did support the information for regular archives previously, but not for SFX archives; this changes with the release of WinRAR 6.02. Another useful addition is that the name of the unpacked file is now included in error messages related to incorrect passwords.

     

    The release addresses two bugs. One fixes an issue that would see the error "The specified password is incorrect" thrown, despite that operations would complete successfully.

     

    You can check the full changelog to find out about the second bug fix and several improvements to command line switches.

     

    Now You: do you use WinRAR or another archiver?

     

     

    WinRAR 6.02 update includes security improvements

     

    Frontpaged: WinRAR 6.02


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...