Travis Ormandy, a researcher at Google Project Zero has discovered serious bugs in two versions of the popular BitTorrent program, uTorrent.
Image: uTorrent
What is more concerning is the fact that these security issues are easy to exploit, allowing attackers access to downloaded files in addition to the ability to remotely execute code.
Executing code and accessing downloaded files is not the only thing that the hackers could do as these bugs also allow them to monitor and keep a track of all the downloads made by the user in the past. According to a report by TorrentFreak, the bugs allow any website to control key functions of the torrenting app, which includes the desktop version as well as the web version of uTorrent. The report goes on to point out the most glaring part of the security issue, where it can allow any malicious website to download harmful code into the startup folder of Windows. This means that the malicious code starts automatically when the user boots up their system.
First of a few remote code execution flaws in various popular torrent clients, here is a DNS rebinding vulnerability Transmission, resulting in arbitrary remote code execution. https://t.co/kAv9eWfXlG
— Tavis Ormandy (@taviso) January 11, 2018
uTorrent tried fixing the bug by adding patches, but it seems like the flaws can still be exploited. Users will have to wait till an updated version of the app is available. We would advise all you pirates out there to stop using the app until a new version is available.
