One of the most popular BitTorrent apps – uTorrent – has been found to be vulnerable to easily exploited flaws that could allow hackers to perform a variety of malicious actions. More specifically, two versions of the app are vulnerable to code execution that could lead to access to the victim’s downloaded files.
The finding belongs to Google Project Zero researcher Tavis Ormandy. Currently, the developers of uTorrent are working on releasing fixes for the desktop Windows app and the Web version as well.
How Do the uTorrent Bug Endanger Users?
According to the research, the vulnerabilities enable any website the potential victim visits to control important functionalities in the both the desktop and web versions of uTorrent. The Web uTorrent is an alternative to the desktop version that uses a Web interface and is controlled by the particular browser. The most dangerous case is brought by malicious websites that can exploit a variety of flaws, the uTorrent bugs inclusive.
In this case, a malicious site leveraging the flaw could download malevolent code into the Windows startup folder. Once this is done, the code will be activated the next time the system is booted. In addition to malicious sites, any other website could also leverage the flaw by accessing downloaded files and even browse freely through the downloaded history of the victimized machine.
Users Should Download uTorrent/BitTorrent 22.214.171.124352
According to Dave Rees, the VP of engineering of BitTorrent, the flaw has been addressed in a beta release of the desktop version of uTorrent. However, the fix is yet to be delivered to users who already have the production version installed on their systems. Nonetheless, users can still download the fixed version of uTorrent – uTorrent/BitTorrent 126.96.36.199352.”We highly encourage all uTorrent Web customers to update to the latest available build 0.12.0.502 available on our website and also via the in-application update notification,” the VP said.