Serious flaw within torrenting software μTorrent
Are you one of many users of the worlds most popular torrenting client, μTorrent? If so, you should be concerned. Tavis Ormandy of Google’s Project Zero are currently warning of severe vulnerabilities within the client. These could allow an attacker remote control of your device through a malicious webpage. The developers of μTorrent, BitTorrent, have issued a patch set to roll out soon. A pro-active download of their new patched client is also offered.
Project Zero finds flaws in μTorrent
Tavis Ormandy of Google’s Project Zero recently issued a warning; Major flaws were found within the hugely popular torrenting application μTorrent. Project Zero has a 90-day policy, giving developers 90 days to fix the issues found by the group before their release to the public. The flaws were discovered in early December, meaning they recently passed their due-date and became public knowledge.
Patches are coming
BitTorrent issued a patch after 80 days had passed of the Project Zero policy. Roll-out of the patch will occur in the upcoming weeks. If you are using an earlier version of the software it is recommended to download the latest build from their official page. An official statement by the developers of μTorrent, BitTorrent, has also been made regarding the flaws.
“On December 4, 2017, we were made aware of several vulnerabilities in the uTorrent and BitTorrent Windows desktop clients. We began work immediately to address the issue. Our fix is complete and is available in the most recent beta release (build 220.127.116.11352 released on 16 Feb 2018). This week, we will begin to deliver it to our installed base of users. All users will be updated with the fix automatically over the following days. The nature of the exploit is such that an attacker could craft a URL that would cause actions to trigger in the client without the user’s consent (e.g. adding a torrent).”