uTorrent vulnerabilities allow information disclosure and remote code execution
A BitTorrent client with more than 100 million users suffers numerous critical vulnerabilities including remote code execution and copying downloaded files, according to new information from Google’s Project Zero.
Google security researcher Tavis Ormandy informed BitTorrent Inc. of the issues with the uTorrent client in December 2017. A patch was made public Tuesday but Ormandy says that, after a small tweak, his exploits continue to work in the default configuration.
“This issue is still exploitable,” Ormandy explained. “The vulnerability is now public because a patch is available, and BitTorrent have already exhausted their 90 days anyway. I see no other option for affected users but to stop using uTorrent Web and contact BitTorrent and request a comprehensive patch.”