Skip to main content

uTorrent vulnerabilities allow information disclosure and remote code execution

posted onFebruary 21, 2018
by l33tdawg

A BitTorrent client with more than 100 million users suffers numerous critical vulnerabilities including remote code execution and copying downloaded files, according to new information from Google’s Project Zero.

Google security researcher Tavis Ormandy informed BitTorrent Inc. of the issues with the uTorrent client in December 2017. A patch was made public Tuesday but Ormandy says that, after a small tweak, his exploits continue to work in the default configuration.

“This issue is still exploitable,” Ormandy explained. “The vulnerability is now public because a patch is available, and BitTorrent have already exhausted their 90 days anyway. I see no other option for affected users but to stop using uTorrent Web and contact BitTorrent and request a comprehensive patch.”




You May Also Like

Recent News

Tuesday, March 20th

Monday, March 19th

Friday, March 16th

Thursday, March 15th

Wednesday, March 14th

Tuesday, March 13th