: The ZIP self-extracting (SFX) module now refuses to process commands stored in archive comments if they are located after the start of an Authenticode digital signature . This prevents malicious actors from hiding commands within a signature body to bypass security checks.
: WinRAR now uses https instead of http for its web notifier window, home page, and theme links. This change, combined with additional checks in the web notifier, helps prevent malicious web pages from attempting to execute files on a user's computer. WinRAR 6.0.2 x64 x86
In , one major security feature was the reinforcement of the ZIP SFX module to block a specific type of attack involving digital signatures. Key Security & UI Features in 6.02 : The ZIP self-extracting (SFX) module now refuses
WinRAR 6.02 remains a versatile archiver for both 32-bit (x86) and 64-bit (x64) systems. For more details on these changes, you can visit the Official WinRAR 6.02 Release Page . WinRAR 6.02 final released This change, combined with additional checks in the
: For RAR5 archives , the name of the specific file that failed to unpack is now included in the "incorrect password" warning. This is particularly useful when dealing with non-solid archives where different files may be encrypted with different passwords.