A zero-day vulnerability in WinRAR is being exploited by at least two Russian
criminal groups:
> The vulnerability seemed to have super Windows powers. It abused alternate
> data streams, a Windows feature that allows different ways of representing the
> same file path. The exploit abused that feature to trigger a previously
> unknown path traversal flaw that caused WinRAR to plant malicious executables
> in attacker-chosen file paths %TEMP% and %LOCALAPPDATA%, which Windows
> normally makes off-limits because of their ability to execute code.
More details in the article...
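The quoted description boils down to two archive-entry tricks: path components that climb out of the extraction directory, and NTFS alternate-data-stream syntax (`file:stream`) that lets a name resolve to somewhere other than where it appears to point. The check below is an added example, not code from the article or from WinRAR: it audits archive entry names as plain strings (a real RAR parser is out of scope, so the sample names are constructed) and flags the three patterns a safe extractor has to refuse before writing anything to disk.

```python
import posixpath
from typing import Dict, List, Optional

# Constructed sample entry names of the kind an attacker-controlled archive
# might carry. Illustrative only; not taken from any real malicious archive.
SAMPLE_ENTRIES = [
    "docs/readme.txt",
    "invoice.pdf",
    "../../../Users/victim/AppData/Local/Temp/update.exe",  # climbs out of the extract dir
    "..\\..\\AppData\\Roaming\\run.exe",                    # same, Windows separators
    "notes.txt:hidden.exe",                                 # NTFS alternate data stream
    "C:\\Windows\\Temp\\drop.exe",                          # absolute path
    "report.docx:Zone.Identifier",                          # ADS again
]


def normalize_entry(name: str) -> str:
    """Unify separators so Unix- and Windows-style traversal are caught alike."""
    return name.replace("\\", "/")


def _has_drive_letter(n: str) -> bool:
    return len(n) >= 2 and n[1] == ":" and n[0].isalpha()


def entry_findings(name: str) -> List[str]:
    """Return the list of reasons this entry name must not be extracted as-is."""
    findings: List[str] = []
    n = normalize_entry(name)

    # 1. Absolute paths: leading slash (also covers UNC //server/share) or drive letter.
    if n.startswith("/") or _has_drive_letter(n):
        findings.append("absolute-path")

    # 2. Alternate data stream: any colon that is not the drive-letter colon.
    rest = n[2:] if _has_drive_letter(n) else n
    if ":" in rest:
        findings.append("alternate-data-stream")

    # 3. Path traversal: walk the components and see whether ".." ever
    #    takes us above the extraction root. "a/../b" is fine; "a/../../b" is not.
    depth = 0
    for part in n.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            depth -= 1
            if depth < 0:
                findings.append("path-traversal")
                break
        else:
            depth += 1
    return findings


def is_safe_entry(name: str) -> bool:
    return not entry_findings(name)


def resolved_destination(root: str, name: str) -> Optional[str]:
    """Where a naive extractor would write this entry, or None if that lies outside root.

    Uses POSIX path semantics for determinism; a Windows extractor would additionally
    have to reject the ADS and drive-letter cases that entry_findings() reports.
    """
    if not is_safe_entry(name):
        return None
    root = posixpath.normpath(root)
    dest = posixpath.normpath(posixpath.join(root, normalize_entry(name)))
    return dest if dest.startswith(root + "/") else None


def audit(names: List[str]) -> Dict[str, List[str]]:
    """Map each rejected entry name to its findings; clean entries are omitted."""
    return {n: entry_findings(n) for n in names if entry_findings(n)}


if __name__ == "__main__":
    for entry, reasons in audit(SAMPLE_ENTRIES).items():
        print(f"REJECT {entry!r}: {', '.join(reasons)}")
```

The point of doing the check on the entry name before any filesystem call is that the extractor, not the operating system, is the last line of defence: once the path has been handed to a create-file call, `%TEMP%` and `%LOCALAPPDATA%` are ordinary writable directories and nothing downstream will object.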
Tag - zero-day
It’s being actively exploited.
Zero-day vulnerabilities are being exploited more often, according to the Five Eyes:
> Key Findings
>
> In 2023, malicious cyber actors exploited more zero-day vulnerabilities to
> compromise enterprise networks compared to 2022, allowing them to conduct
> cyber operations against higher-priority targets. In 2023, the majority of the
> most frequently exploited vulnerabilities were initially exploited as a
> zero-day, which is an increase from 2022, when less than half of the top
> exploited vulnerabilities were exploited as a zero-day.
>
> Malicious cyber actors continue to have the most success exploiting
> vulnerabilities within two years after public disclosure of the vulnerability.
> The utility of these vulnerabilities declines over time as more systems are
> patched or replaced. Malicious cyber actors find less utility from zero-day
> exploits when international cybersecurity efforts reduce the lifespan of
> zero-day vulnerabilities...
I’ve been writing about the possibility of AIs automatically discovering code
vulnerabilities since at least 2018. This is an ongoing area of research: AIs
doing source code scanning, AIs finding zero-days in the wild, and everything in
between. The AIs aren’t very good at it yet, but they’re getting better.
Here’s some anecdotal data from this summer:
> Since July 2024, ZeroPath has been taking a novel approach combining deep program
> analysis with adversarial AI agents for validation. Our methodology has
> uncovered numerous critical vulnerabilities in production systems, including
> several that traditional Static Application Security Testing (SAST) tools were
> ill-equipped to find. This post provides a technical deep-dive into our
> research methodology and a living summary of the bugs found in popular
> open-source tools...