BitTorrent's official uTorrent client has a security vulnerability

BitTorrent’s official client, uTorrent, has a security vulnerability involving its web client that allows attackers to take control of the application. The issue was reported by[1] Google Project Zero researcher Tavis Ormandy. As per Project Zero’s policies, Ormandy gave BitTorrent 90 days to respond to his report.

BitTorrent sent Ormandy a beta build of uTorrent Classic which appeared to fix the issue, although he cautioned there may still be security flaws. “I think there is still a lot of unnecessary remote attack surface, but I don’t have any way to break the new build right now,” he said. BitTorrent then rolled out a patch for the beta version of uTorrent and announced the security problems were fixed.

However, earlier today Ormandy revealed that BitTorrent had moved the vulnerability to a different location.

“The vulnerability is now public because a patch is available, and BitTorrent have already exhausted their 90 days anyway. I see no other option for affected users but to stop using uTorrent Web and contact BitTorrent and request a comprehensive patch,” he said.

Now read: BitTorrent to focus on uTorrent and Mainline client[2]

References

  1. ^ reported by (bugs.chromium.org)
  2. ^ BitTorrent to focus on uTorrent and Mainline client (mybroadband.co.za)
