Do You Use WinRAR? Install This Urgent Security Update ASAP To Thwart Hackers
If you're among the masses still using WinRAR, you'd better grab the latest version, WinRAR 6.23 Final. It isn't exactly new; the release came out 21 days ago. However, when we're talking about an application that updates as infrequently as WinRAR, that might as well be yesterday. WinRAR 6.23 primarily patches up some bugs in the software, one of which was a major security issue.
The Trend Micro security research group Zero Day Initiative first discovered the flaw and notes that the problem was with the way WinRAR processed recovery volumes. A "lack of proper validation of user-supplied data" could result in a classic buffer overflow, allowing an attacker to start running whatever code they want.
The issue's been patched up in the latest version of WinRAR, so as long as you're up to date, there's not too much to worry about. WinRAR 6.23 also plugs a hole where a carefully crafted archive could make the application load the wrong file, which may not be quite as dangerous, but could certainly be confusing.