Blog

Older Free Versions Of WinZip May Have Security Vulnerabilities

Dec 24, 2020 | Blog

Hackers have found yet another possible inroad they can use to infect the machines of unsuspecting users.

This time, they’re infecting older versions of WinZip.

If there’s one utility that’s nearly as ubiquitous as Adobe’s Acrobat Reader, it would probably be WinZip.

In the 30+ years since its initial release, the handy tool has seen variants that are compatible with macOS, Android, iOS, all versions of Windows, and a few others. All told, it boasts more than a billion downloads, and that, of course, doesn’t count the legions of people who got a copy from a friend. In short, it’s a utility you can find on a majority of PCs and tablets running today. It’s everywhere, and that’s part of the problem.

The current version of WinZip is 25, but only a small minority of users are utilizing the latest build, and unfortunately, older versions check the server for updates via an un-encrypted connection, which is a weakness all too easy for hackers to exploit.

Basically, if a hacker inserts himself into the update process, he can execute any arbitrary code he wants, and the machine will assume it’s a WinZip update. Unfortunately, the only solution to the issue is to upgrade to WinZip 25, but where prior editions of the utility have been free, the latest WinZip update is paid. You’ll need to shell out just over $35 for the basic version or just under $60 for the “Pro” version and that’s pricey, especially when there are good free variants like 7Zip that can be found.

The bottom line though, is that if you’re using an older version of WinZip, you should be aware that every time the utility scans for an update, you open a door, even if only briefly, that may allow a watchful hacker access to devices on your network, and that’s a problem.

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech