| Version | Change log |
| WinRAR for Mac OS X 7.01 May 15, 2024 | |
| WinRAR for Mac OS X 7.00 Feb 28, 2024 | |
| WinRAR for Mac OS X 6.24 Oct 4, 2023 | |
| WinRAR for Mac OS X 6.23 Aug 2, 2023 | |
| WinRAR for Mac OS X 6.22 May 31, 2023 | |
| WinRAR for Mac OS X 6.21 Feb 20, 2023 | |
| WinRAR for Mac OS X 6.20 Jan 23, 2023 | |
| WinRAR for Mac OS X 6.11 Mar 4, 2022 | |
| WinRAR for Mac OS X 6.02 Jun 14, 2021 |
ZIP SFX module refuses to process SFX commands stored in archive comment if such comment is resided after beginning of Authenticode digital signature. It is done to prevent possible attacks with inclusion of ZIP archive into the signature body. We already prohibited extracting contents of such malformed archives in WinRAR 6.01.We are thankful to Jacob Thompson - Mandiant Advantage Labs for reporting this issue. WinRAR uses https instead of http in the web notifier window, home page and themes links. It also implements additional checks within the web notifier. This is done to prevent a malicious web page from executing existing files on a user's computer. Such attack is only possible if the intruder has managed to spoof or otherwise control user's DNS records. Some other factors are also involved in limiting the practical application of this attack. We would like to express our gratitude to Igor Sak-Sakovskiyfor bringing this issue to our attention. |
| WinRAR for Mac OS X 6.01 Apr 12, 2021 |
