uTorrent bug allows remote code execution

Posted on Wednesday, February 21 2018 @ 15:50 CET by Thomas De Maesschalck
uTorrent logo
Security researchers from Google's Project Zero discovered nasty security vulnerabilities in uTorrent. Both the desktop and the web version of this hugely popular BitTorrent client featured a bug that enables attackers to execute code, access downloaded items, and snoop on your download history.

ARS Technica writes the threat level is pretty high as malicious websites could abuse the security bug to run arbitrary code on your PC:
The vulnerabilities, according to Project Zero, make it possible for any website a user visits to control key functions in both the uTorrent desktop app for Windows and in uTorrent Web, an alternative to desktop BitTorrent apps that uses a Web interface and is controlled by a browser. The biggest threat is posed by malicious sites that could exploit the flaw to download malicious code into the Windows startup folder, where it will be automatically run the next time the computer boots up. Any site a user visits can also access downloaded files and browse download histories.
Users of uTorrent need to upgrade to version 3.5.3.44352. Web users of uTorrent need to ensure they're running build 0.12.0.502 to be protected.


About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.



Loading Comments