Hackers infecting older versions of WinZip. If there’s one utility that’s nearly as ubiquitous as Adobe’s Acrobat Reader, it would probably be WinZip.
Since WinZip’s initial release 30+ years ago, the handy tool has seen variants compatible with macOS, Android, iOS, all versions of Windows, and a few others. All told, WinZip boasts more than a billion downloads, and that, of course, doesn’t count the legions of people who got a copy from a friend. In short, WinZip is a utility you can find on a majority of PCs and tablets running today and is everywhere. That’s part of the problem.
The current version of WinZip is 25, but only a small minority of users utilize the latest build. Unfortunately, older WinZip versions check the server for updates via an unencrypted connection, which is a weakness all too easy for hackers to exploit.
If hackers infecting themselves in the older version’s update process, the hacker can execute any arbitrary code he wants, and the machine will assume it’s a WinZip update. The only solution to the issue is to upgrade to WinZip 25, but where prior editions of the utility have been free. A user will have to purchase the latest WinZip update. You’ll need to shell out just over $35 for the basic version or $60 for the “Pro” version. These pricing options are pricey, especially when there are suitable free variants like 7Zip that you can find online.
The bottom line, though, is that if you’re using an older version of WinZip, you should be aware that every time the utility scans for an update, you open a door, even if only briefly. Watchful hackers may access your devices on your network, and that’s a problem.
