One of the very used BitTorrent apps, uTorrent, is liable to security bugs which could enable attackers to take control of your machines and execute code. Multiple flaws have been reported?affecting the uTorrent web and desktop client?using a Google Project Zero security researcher.
Tavis Ormandy, who’s donrrrt regular name from the bug discovery world, said that the most traditionally used torrent app has some easy-to-exploit?vulnerabilities which you can use to carry out code and snoop on target’s download history. The bugs impact their new uTorrent Web, a completely new web-based sort of the uTorrent BitTorrent client, and uTorrent Classic, that old client that most people know and employ. The two of these industry is exposing?RPC server on port 10000 (uTorrent Classic) and 19575 (uTorrent Web).
RelatedBitTorrent Forum Hack Exposed User Passwords, Email and IP Addresses
To be clear, visiting *any* web site is enough to compromise these applications.
He noted that this uTorrent web may be the worst affected where attackers can download malware on track computer modify the default download folder spot to something such as the startup folder to be certain the malicious file is loaded the next time system boots up.
BitTorrent would not fix uTorrent bugs despite if 90 days
The bugs were first disclosed towards company on November 27 which made public after the 90-days disclosure deadline. BitTorrent, the developer in the uTorrent apps, claims the fact that bugs have finally been fixed?within a beta details reveals the uTorrent Windows desktop app.?For anybody who is cannot install the newest version, it can be advised that you just stop using?uTorrent Windows desktop app and uTorrent Web because there is no mitigation advice available. The fixed versions include:
- uTorrent/BitTorrent 188.8.131.52352 | download
- uTorrent Web 0.12.0.502 | download