Skip to main content

uTorrent vulnerabilities allow information disclosure and remote code execution

posted onFebruary 21, 2018
by l33tdawg

A BitTorrent client with more than 100 million users suffers numerous critical vulnerabilities including remote code execution and copying downloaded files, according to new information from Google’s Project Zero.

Google security researcher Tavis Ormandy informed BitTorrent Inc. of the issues with the uTorrent client in December 2017. A patch was made public Tuesday but Ormandy says that, after a small tweak, his exploits continue to work in the default configuration.

“This issue is still exploitable,” Ormandy explained. “The vulnerability is now public because a patch is available, and BitTorrent have already exhausted their 90 days anyway. I see no other option for affected users but to stop using uTorrent Web and contact BitTorrent and request a comprehensive patch.”

Source

Tags

Security

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th