Simple phishing techniques were used in one of the incidents, in which an alleged pirated copy of Ariana Grande’s “Thank U, Next” album was distributed as a WinRAR archive that contained not only the actual audio files but also malicious exe files. These are extracted to the Startup folder, so the code executes upon Windows restart. The vulnerability was fixed by the WinRAR developers on February 26, 2019, but apparently those who fell for the exploit were using older versions, as they had disabled WinRAR auto-updates in the settings menu. The threat actor only needs to get the user to open a malicious ACE archive file in WinRAR, through a phishing technique or a specially created shortened URL pointing to a site hosting the file for download. Once the machine is rebooted, it automatically runs the extracted executable file; the attacker can choose which file to place in the ACE archive for later execution by the system after a reboot. The unpatched version of UNACEV2.DLL creates a loophole where an executable file compressed using the ACE archive format can be extracted to the system’s Startup folder. The “Absolute Path Traversal” vulnerability was discovered in the support file named UNACEV2.DLL that comes with every WinRAR install. WinRAR had a vulnerability tracked as CVE-2018-20250; it was fixed in WinRAR 5.70 beta 1. That is exactly what happened with WinRAR users who deliberately disabled auto-updates. It is unfortunate that many users are starting to avoid auto-updates for their software altogether in order to avoid the hassle of restarting the computer and interrupting their workflow. Just like the operating system itself, application software needs to be updated regularly in order to prevent fixed security vulnerabilities from being taken advantage of by third parties.

So on Xee I rolled back to 3.5. Some pages show up as noise, whereas other programs (like Comic Reader).
I should mention Xee 3.5.3 (marketed by the same company) inherited a bug in the new release, that it can no longer reliably read. Quit button disappears.) and the program hangs. Then somehow “The Unarchiver” memory gets corrupted, and the menus no longer work (e.g. BTW, there seems to be another bug that comes up if you select more than about 250 files from Finder and invoke “The Unarchiver”. So I am temporarily using command line tools to do the operations. Now, randomly I get a notification about the encoding the compressed file uses. Before the last two versions, I could choose ‘Compress “some directory”’ from the Finder menu, and then a few minutes later I could uncompress it by using “The Unarchiver”. However there are more problems with version 3.11.3. Then they had a problem with 3.11.2, which they think they fixed in 3.11.3. Until this version 3.1.2 it was a 5 star now maybe 4

If you could implement something like that in your next update that would be greatly appreciated! Again, thank you for developing this application, because it is really awesome and allows me to get my job done more efficiently, but please don't put pop-ups in your software. The developers allow you to display the normal icon for the app or the #StandwithUkraine version. Spark, an excellent email client, is a great example of this. I don't want to be reminded of this when I am unzipping some files on the job, please remove this in your next build or at least give us the option to remove it. I stand with Ukraine and have donated to the cause of helping them get on their feet and fight during this time of war. But why I am writing this review is because of a very frustrating pop-up within The Unarchiver. Amazing utility, but with the annoyance of pop-ups

First of all MacPaw, love what you guys do, Setapp and CleanMyMacX are staples of the amazing apps and services available for the Mac platform, and developers like you guys keep the Mac such an enticing platform.