Been around since April, I don't care (linux user)....looks like the term 0day has lost it's knife-edge =)
I saw in the news today that there's a WinRAR exploit. goes into a whole lot of detail. (Too much to follow, really, but most news outlets go the other direction and just say there's some vulnerability being used to target brokers' accounts without giving any idea of what is happening.) My understanding is that it's WinRAR itself, not the .rar format, and that it can be triggered by opening a maliciously-crafted .zip or .rar file. There's a CVE number assigned, but it presently just shows up as "Reserved" with no details.
Seems like this was specifically targeted at some financial trading groups, but be extra careful with what you download either way. (Sincerely, someone who has recently downloaded, and shared, some .zip and .rar files. Yikes!)
Look Here -> |
Been around since April, I don't care (linux user)....looks like the term 0day has lost it's knife-edge =)
The zero-day aspect is definitely confounding journalists. My impression is that it was a zero-day in April and was exploited undetected for some time, but was then noticed in June/July and fixed in August. But certainly not one now.
Mac/Linux (laptop/server) guy here, so same situation as you, except for when I've got to deal with radio programming stuff which is still Windows-based. (Although I don't use WinRAR.)
Winrar, wot's that? Another Linux user here. Fortunately, it is unlikely to ever be an issue in this household as I rarely download compressed files and NEVER use winrar.
I'm out of my mind, but feel free to leave a message...
Actually, I have winrar installed in my default $wineprefix, and all the desktop file associations point to that, so if I double-click on a *.rar file, winrar pops up ...and if I don't want that I can use the downloads context to unpack it with Xarchiver... and if I'm really feeling lazy, hit the shell up with an unrar -x ...
What's interesting here (or will be), finding out what's responsible for the delayed exposure ... it's not typically consistent with the disclosure chronology normally seen with 0day 'ploits ...goota gut feeling there's more to this than is immediate obvious, at the now...
Bookmarks