Primary

Context

RAR Extractor - Unarchiver Free and Pro Code Injection Vulnerability on MacOS

Vulnerability

A code injection vulnerability has been identified in RAR Extractor - Unarchiver Free and Pro version 6.4.0. This issue allows local attackers to inject arbitrary code, potentially leading to remote control of the victim's machine and unauthorized access to sensitive user data. The vulnerability arises from the application's handling of dynamic libraries on MacOS, specifically through the exploit_combined.dylib component.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the affected system.

Reproduction

To reproduce this vulnerability, use the Terminal to set the DYLD_INSERT_LIBRARIES environment variable to include the malicious dynamic library exploit_combined.dylib. Then, launch RAR Extractor - Unarchiver Pro from its application bundle. The injected code will be executed in the context of the application, exploiting the vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.2

remediation

0.0

relevance

0.0

threat

6.5

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.2

remediation

0.0

relevance

0.0

threat

6.5

urgency

2.9

incentive

0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

RAR Extractor - Unarchiver Free and Pro Code Injection Vulnerability on MacOS

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating