If you are still using this iconic Windows program today, be very careful, because security researchers have detected several vulnerabilities that affect some versions. Compressed files are very useful. Thanks to them, we can minimize the space our files occupy and make better use of the storage on our equipment.
WinZip is the most popular file compressor and one of the most iconic Windows programs still around. It was launched in April 1991, so in a few months it will be 30 years old. Today it is in version 25 and, apart from the Windows program, it also has applications for macOS, iOS and Android.
If you use WinZip on Windows to zip and unzip files, be extremely careful because the SpiderLabs team of researchers from security company Trustwave has found vulnerabilities in some versions that could put you at risk.
According to the published report, WinZip 24 and earlier versions of the program send update verification requests to the server in clear text (HTTP). Hackers could exploit this weakness to inject malware into users' computers, so this is a significant problem.
As the researchers explain, cleartext HTTP traffic can be intercepted, manipulated or hijacked by anyone who has the ability to see that traffic. Therefore, any user who is connected to the same network as a computer running a vulnerable version of WinZip can exploit this vulnerability for malicious purposes.
In addition, it is important to note that, as part of the update verification request, WinZip sends potentially sensitive information, such as the registered username, the registration code, and other information, unencrypted, so it would be visible to the attacker.
If you have WinZip 24 or an earlier version installed on your PC, the way to avoid the risk is to update to the latest version, which is currently 25. In the latest version, communications with the server are already encrypted, so you will not be at risk. Of course, since the updates are paid, you may have to pay to update.
If you don't want to pay for the latest version, the security researchers recommend that you disable the update checks. That way WinZip will not send unencrypted requests to the server.
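To find machines on a network that still perform cleartext update checks like the ones described above, an administrator can scan web proxy logs for `http://` update requests that carry registration data in the URL. The following is an added example, not code from the article or from Trustwave; the log format, host names, user agents and parameter names are constructed assumptions and must be adapted to the real environment.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample proxy log. Assumed format: client_ip method url user_agent
SAMPLE_LOG = """\
10.0.0.12 GET http://updates.example.invalid/check?product=archiver&ver=24&user=alice&regcode=ABCD-1234 ExampleUpdater/24.0
10.0.0.12 GET https://updates.example.invalid/check?product=archiver&ver=25 ExampleUpdater/25.0
10.0.0.31 GET http://cdn.example.invalid/logo.png Mozilla/5.0
10.0.0.44 POST http://updates.example.invalid/check?ver=23&serial=ZZZZ-9999 ExampleUpdater/23.0
"""

# Hypothetical hints; the article does not give the real host or parameter names.
UPDATE_HINTS = ("update", "check", "version")
SENSITIVE_KEYS = {"user", "username", "regcode", "serial", "license", "key"}


def find_cleartext_update_checks(log_text):
    """Return one finding per unencrypted update-style request in the log."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split(maxsplit=3)
        if len(parts) < 3:
            continue  # malformed or empty line
        client, method, url = parts[:3]
        agent = parts[3] if len(parts) == 4 else ""
        target = urlsplit(url)
        if target.scheme.lower() != "http":
            continue  # HTTPS requests are not exposed to on-path observers
        if not any(h in (target.netloc + target.path).lower() for h in UPDATE_HINTS):
            continue  # not an update-style request
        # Record parameter names only, so the report does not copy the secrets.
        leaked = sorted(
            name for name, _ in parse_qsl(target.query, keep_blank_values=True)
            if name.lower() in SENSITIVE_KEYS
        )
        findings.append({
            "client": client,
            "host": target.netloc,
            "user_agent": agent,
            "leaked_params": leaked,
        })
    return findings


if __name__ == "__main__":
    for f in find_cleartext_update_checks(SAMPLE_LOG):
        print(f"{f['client']} -> {f['host']} ({f['user_agent']}): "
              f"cleartext update check, exposed fields: {f['leaked_params'] or 'none'}")
```

Each client reported is a candidate for upgrading to a version that encrypts the update check, or for having update checks disabled.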