RAR APP Arbitrary File Write and Read Vulnerability

Vendor: RARLAB (https://www.rarlab.com/)
Affected Product: RAR APP (com.rarlab.rar)
Version: <= V7.11.build127
Google Play Link: https://play.google.com/store/apps/details?id=com.rarlab.rar

Vulnerability Description

RAR APP lacks proper security checks during file import, allowing unauthorized applications to control filenames and content. This enables path traversal attacks to overwrite or read arbitrary files within the app’s internal storage. Potential security impacts include arbitrary code execution, exposure of sensitive information, and denial of service.

Report and Fix

We reported this issue to the developers, who responded promptly and acknowledged our findings. The vulnerability has been fixed in the newly released version V7.20.build129.

PoC Example:
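Separately from the PoC, the following is an added defensive example, not code from this advisory or from RARLAB: one way an import routine can validate a file name supplied by another app before writing into its private storage, which is the kind of check the description says was missing. The class, method and directory names are hypothetical, and the sample names are constructed.

```java
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;

// Added illustration; class, method and directory names are hypothetical.
public class SafeImport {

    // Map a file name supplied by another app to a path that is guaranteed
    // to sit directly inside importDir, or throw.
    static File resolveImportTarget(File importDir, String untrustedName) throws IOException {
        if (untrustedName == null) throw new IOException("missing file name");
        // Keep only the last segment: drops "../" prefixes, absolute paths and "..\" forms.
        String name = untrustedName.replace('\\', '/');
        name = name.substring(name.lastIndexOf('/') + 1);
        if (name.isEmpty() || name.equals(".") || name.equals("..") || name.indexOf('\0') >= 0)
            throw new IOException("rejected file name: " + untrustedName);
        // Defence in depth: after resolving symlinks, the target must still be a
        // direct child of the import directory.
        File base = importDir.getCanonicalFile();
        File target = new File(base, name).getCanonicalFile();
        if (!base.equals(target.getParentFile()))
            throw new IOException("path escapes import directory: " + untrustedName);
        return target;
    }

    // Copy imported content without replacing a file that already exists.
    static void importFile(File importDir, String untrustedName, InputStream in) throws IOException {
        Path target = resolveImportTarget(importDir, untrustedName).toPath();
        Files.copy(in, target); // throws FileAlreadyExistsException instead of overwriting
    }

    public static void main(String[] args) throws IOException {
        // Temporary directory standing in for an app-private import directory.
        File importDir = Files.createTempDirectory("imports").toFile();
        // Constructed sample names, as a sending app might supply them.
        String[] names = { "backup.rar", "../other/file.txt", "/tmp/abs.txt", "..", "a/../../b.bin" };
        for (String n : names) {
            try {
                System.out.println(n + " -> " + resolveImportTarget(importDir, n));
            } catch (IOException e) {
                System.out.println(n + " -> " + e.getMessage());
            }
        }
    }
}
```

Names containing directory components are reduced to their final segment, so every accepted import lands directly in the import directory, and an existing file is never silently replaced.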