Wednesday 21 February 2018

uTorrent vulnerabilities leave users at risk of hacking and snooping

uTorrent's Windows desktop and web clients both contain vulnerabilities that leave users at risk of hacking.

The problem was discovered by Tavis Ormandy of Google Project Zero – a team of security analysts who specialize in finding zero-day vulnerabilities (ones that the developers or publishers are unaware of).

According to Ormandy the flaws are easy to exploit, and make it possible for criminals to control key functions in the client, including seeing your downloaded files and downloading malware that will run the next time you boot your PC.

Project Zero gives software vendors 90 days to fix vulnerabilities before making them public. Ormandy originally contacted BitTorrent about the flaw in November, but received no response. Fearing BitTorrent wouldn't make the deadline, he reached out to founder Bram Cohen on Twitter, prompting the company to act.

How to patch uTorrent

BitTorrent has issued a fix in its latest beta release, and plans to push a new stable version of the client out to all users later this week.

The web version of uTorrent has already been repaired, according to Dave Rees, vice president of engineering at BitTorrent. 

"We highly encourage all uTorrent Web customers to update to the latest available build 0.12.0.502 available on our website and also via the in-application update notification," he said in an email to users.

Via Ars Technica

http://ift.tt/2GwsMSr

1 comment: