Add encryption function (e.g. AES256) to encrypt files inside CAB. User can specify encryption key in webupdate component to decrypt update.

Currently the files inside the CAB file can be replaced with malicious software with the same filename without the update knowing that this happened.

If the CAB file is hosted on your website, that would already mean that access to your website was obtained. We'd recommend in the first place to ensure only you can put the CAB files on the website.