uTorrent has a dangerous security flaw

uTorrent has a dangerous security flaw
BitTorrent and its lighter version, uTorrent have a serious security flaw.

Google researcher found a technique that allows attackers to direct DNS requests to user's computer, allowing to spoof the download sources, download files, add them to startup folder and more.



All versions of uTorrent and BitTorrent are affected and bug is only fixed in latest beta.

"On December 4, 2017, we were made aware of several vulnerabilities in the uTorrent and BitTorrent Windows desktop clients. We began work immediately to address the issue. Our fix is complete and is available in the most recent beta release (build 3.5.3.44352 released on 16 Feb 2018). This week, we will begin to deliver it to our installed base of users. All users will be updated with the fix automatically over the following days. The nature of the exploit is such that an attacker could craft a URL that would cause actions to trigger in the client without the user's consent (e.g. adding a torrent).

BitTorrent was also made aware yesterday that it's new beta product, uTorrent Web, is vulnerable to a similar bug. "


You can download the latest beta of uTorrent from our software section:

uTorrent for Windows

Written by: Petteri Pyyny @ 22 Feb 2018 8:06
Tags
security exploit security breach security bug BitTorrent uTorrent
Advertisement - News comments available below the ad
  • 3 comments
  • hearme0

    I torrent stuff, not rampantly leeching by any stretch of the imagination but I do download.

    A torrent is a torrent is a torrent. The protocol remains the same for the most part and rather unchanged. Utorrent 2.2.1 is the last Utorrent before they implemented ads. This in turn should be impervious to the current vulnerability as there aren't any ads to be exploited. Some say 2.2.0 but 2.2.1 is indeed the only and BEST torrent client available..........PERIOD!

    22.2.2018 12:55 #1

  • Bozobub

    The only other viable alternative to 2.2.1 is 1.8.1; 2.2.0 had several dire flaws, actually, that are not present in either 1.8.1 (which does not handle magnet links, IIRC) and 2.2.1.

    22.2.2018 19:49 #2

  • scorpNZ

    Stopped using UT late 2016 for qBittorrent

    hearme0 the new marvel anti hero aka "the leech" he'll suck the life right out of you,run for your lives

    http://www.afterdawn.com/guides/
    http://www.realmodscene.com/

    22.2.2018 21:47 #3

© 2024 AfterDawn Oy

Hosted by
Powered by UpCloud