Skip to main content

Older Free Versions Of WinZip May Have Security Vulnerabilities

By December 24, 2020May 5th, 2022Cybersecurity

Hackers have found yet another possible inroad they can use to infect the machines of unsuspecting users.

This time, they’re infecting older versions of WinZip.

If there’s one utility that’s nearly as ubiquitous as Adobe’s Acrobat Reader, it would probably be WinZip.

In the 30+ years since its initial release, the handy tool has seen variants that are compatible with macOS, Android, iOS, all versions of Windows, and a few others. All told, it boasts more than a billion downloads, and that, of course, doesn’t count the legions of people who got a copy from a friend. In short, it’s a utility you can find on a majority of PCs and tablets running today. It’s everywhere, and that’s part of the problem.

The current version of WinZip is 25, but only a small minority of users are utilizing the latest build, and unfortunately, older versions check the server for updates via an un-encrypted connection, which is a weakness all too easy for hackers to exploit.

Basically, if a hacker inserts himself into the update process, he can execute any arbitrary code he wants, and the machine will assume it’s a WinZip update. Unfortunately, the only solution to the issue is to upgrade to WinZip 25, but where prior editions of the utility have been free, the latest WinZip update is paid. You’ll need to shell out just over $35 for the basic version or just under $60 for the “Pro” version and that’s pricey, especially when there are good free variants like 7Zip that can be found.

The bottom line though, is that if you’re using an older version of WinZip, you should be aware that every time the utility scans for an update, you open a door, even if only briefly, that may allow a watchful hacker access to devices on your network, and that’s a problem.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.