: The ZIP self-extracting (SFX) module now refuses to process commands stored in archive comments if they are located after the start of an Authenticode digital signature . This prevents malicious actors from hiding commands within a signature body to bypass security checks.
: For RAR5 archives , the name of the specific file that failed to unpack is now included in the "incorrect password" warning. This is particularly useful when dealing with non-solid archives where different files may be encrypted with different passwords. WinRAR 6.0.2 x64 x86
In , one major security feature was the reinforcement of the ZIP SFX module to block a specific type of attack involving digital signatures. Key Security & UI Features in 6.02 : The ZIP self-extracting (SFX) module now refuses