September 25, 2023

Number of vulnerabilities in the WinZip file compression software that could be used to inject malware into a user’s device. The insecurities reside within the server-client communication channel.

Few versions of WinZip communicate with the server via an unencrypted connection when looking for updates, sending requests in cleartext.

As a result, the HTTP connection can easily be taken over by a threat actor and used as a way of stealthily inserting malware.

“Since HTTP is unencrypted cleartext, it can be grabbed, manipulated, or hijacked by anyone with the ability to see that traffic,” Martin Rakhmanov, security research manager at Trustwave’s SpiderLabs team, explained.

“This means anyone on the same network as a user running a vulnerable version of WinZip can use techniques like DNS poisoning to trick the application to fetch ‘update’ files from a malicious web server instead of a legitimate WinZip update host. As a result, unsuspecting users can launch arbitrary code as if it is a valid update.”

WinZip sends potentially sensitive information, including usernames and registration codes, over the same unencrypted channel when sending update requests. This means that an attacker could easily gain access to this information .

The easiest way for users to safeguard themselves against these malware attacks is to upgrade to WinZip 25, as this version uses HTTPS for its server communications. If an upgrade is out of the question, users should disable automatic update checks to stay safe.

Tags:

Leave a Reply

You may have missed

BlackCat adds Clarion to its Victim list

September 24, 2023

TheCyberThrone Security Week In Review – September 23, 2023

September 24, 2023

MGM Resorts and Ceasars Attacks – Lesson Learnt

September 23, 2023

CISA KEV Update September 2023 – Part II

September 23, 2023

Air Canada Reveals Data Exposure due to a Cyberattack

September 23, 2023

SandMan APT Group in action against Telcos

September 22, 2023
%d bloggers like this: