WinRAR 6.02 update includes security improvements

WinRAR is a popular commercial archive creation and extraction program, best known for supporting the RAR archive format.

WinRAR 6.02 was released earlier today and is available for download on the official website already. The update introduces important security improvements as well as other non-security related improvements and bug fixes.

A click on Help > About WinRAR displays the installed version on the device.

winrar 6.02

The official WinRAR 6.02 changelog lists two security-related improvements. The application uses HTTPS instead of HTTP from now on for its web notification window, home page and themes links. Additional checks have been implemented to make the web notifier more robust against potential threats.

An attacker needed to use advanced attacks that involved spoofing or gaining control over the DNS settings of a device, but would be able to use malicious webpages to execute existing files on a user system, if executed correctly. The move to HTTPS prevents this attack scenario entirely.

The second security-related change improves the handling of malformed archives. WinRAR 6.01 prevented the extraction of contents already, but WinRAR 6.02 improves that by refusing to process SFX (self-extracting) commands stored in archive comments if the comments reside after the beginning of the Authenticode digital signature; this is done to prevent attacks that abuse the loophole.

On the usability side, improvements are found in several areas. Error messages thrown by SFX archives will provide users with additional information in WinRAR 6.02. Previously, errors stated "cannot create file" only, which did not reveal the reason for the error. In WinRAR 6.02, the error will provide details, such as "access denied" or "file in use" when possible.

WinRAR did support the information for regular archives previously, but not for SFX archives; this changes with the release of WinRAR 6.02. Another useful addition is that the name of the unpacked file is now included in error messages related to incorrect passwords.

The release addresses two bugs. One fixes an issue that would see the error "The specified password is incorrect" thrown, despite that operations would complete successfully.

You can check the full changelog to find out about the second bug fix and several improvements to command line switches.

Now You: do you use WinRAR or another archiver?

Summary
software image
Author Rating
1star1star1star1star1star
4.5 based on 2 votes
Software Name
WinRAR 6.02
Operating System
Windows
Software Category
File Management
Landing Page
Advertisement

Previous Post: «
Next Post: «

Comments

  1. Victoria said on June 14, 2021 at 3:11 pm
    Reply

    The official webpage for winrar is https://www.rarlab.com/download.htm

  2. Coriy said on June 14, 2021 at 4:26 pm
    Reply

    Does anyone use, and recommend, the Android version of WinRAR? Or do you use something else?

    1. Anonymous said on June 15, 2021 at 1:53 am
      Reply

      Amaze is the best. No ads, open source, can open/create archives

  3. Ch'ü Tsê-t'ien said on June 14, 2021 at 5:46 pm
    Reply

    @Coriy I do. And I use nothing else on Android. On PC I use this and 7-zip.

  4. Unlimited Company License said on June 15, 2021 at 7:09 am
    Reply

    “40 days trial copy”. Is that a bug?

    1. beemeup5 said on June 15, 2021 at 10:19 am
      Reply

      WinRAR basically has an “unlimited” trial. After 40 days it will nag you for a license but will otherwise continue working as usual. A smart move to avoid pushing users to the many free alternatives.

  5. TelV said on June 15, 2021 at 6:07 pm
    Reply

    After downloading version 6.00 my laptop overheated rapidly which led me to revert to the previous version which was 5.91

    I hope the same thing doesn’t happen with the new version.

    N.B. When trying to post this which is my first post of the day, a msg which reads “You’re posting too quickly” appears.

  6. ULBoom said on June 15, 2021 at 7:33 pm
    Reply

    Been using 7-Zip so long, I guess I didn’t know WinRAR still existed. Not sure what the built in Windows expander thing is, WinZip, maybe?

    1. Matt said on June 16, 2021 at 5:57 am
      Reply

      No, WinZip is a commercial product by a separate company. The built-in zip support in Windows is very basic and only supports the zip format and nothing else (no 7-zip, rar, etc.).

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.