uTorrent vulnerabilities leave users at risk of hacking and snooping

The attacker only needs to trick a user with a vulnerable uTorrent client into visiting a malicious web page. Malicious websites can enter users' systems through the security holes and then insert malicious code into their Windows startup folder, Ars Technica explains. Google Project Zero researcher Tavis Ormandy was the first to highlight the flaw and demonstrate an exploit.

There's a serious security vulnerability affecting both the Windows desktop and Web versions of uTorrent which could allow attackers to remotely execute code and wreak havoc on computers. The vulnerability is now public because a patch is available, and BitTorrent has already exhausted its 90 days anyway. The company pushed out a patch for the security bugs in the next beta version, but there are conflicting reports about whether the patch actually fixes the security holes. Ormandy, for his part, was skeptical that the uTorrent Web client had been fully fixed, believing the software to still be vulnerable to attack.

BitTorrent, Inc., the company behind uTorrent, has released version 3.5.3 Beta for the uTorrent Classic client to address the issues, which is expected to reach the stable branch in the coming days.

BitTorrent chose to issue a statement on the matter recently, confirming Ormandy's research and explaining that an attacker could craft a URL which would trigger actions such as adding a torrent in the client without the user's consent.

BitTorrent told The Register the flaws should all be resolved this week, including the Web app Ormandy was concerned about.

"We highly encourage all uTorrent Web customers to update to the latest available build 0.12.0.502 available on our website and also via the in-application update notification", a spokesperson for BitTorrent said in an email.

"I've never had an open source project take this long to fix a vulnerability before, so I usually don't even mention the 90-day limit if the vulnerability is in an open source project". uTorrent version 3.5.3.44352 is available for download, and uTorrent Web users can update to the latest available build, 0.12.0.502. BitTorrent, the developer of the uTorrent apps, claims that the bugs have now been fixed in a beta release of the uTorrent Windows desktop app. Ormandy also found a similar RPC server and DNS rebinding flaw in the Transmission client.
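The DNS rebinding issue mentioned above is commonly mitigated by having the local RPC server reject any request whose Host header does not name the loopback interface. The following is an added example, not code from BitTorrent or Transmission; the function names, the port 8765 and the extra Origin check are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Names under which a browser can legitimately address a loopback-only server.
LOOPBACK_NAMES = {"localhost", "127.0.0.1", "::1"}


def split_host(value):
    """Parse a Host header into (hostname, port); return None if malformed."""
    if not value or any(c in value for c in "/@?# \t"):
        return None
    try:
        parts = urlsplit("//" + value)
        return parts.hostname, parts.port
    except ValueError:  # bad port number or broken IPv6 literal
        return None


def rpc_request_allowed(headers, listen_port):
    """Decide whether a local RPC server should process this request.

    headers: dict of request headers (keys assumed already normalised).
    listen_port: the port the RPC server is bound to (hypothetical value).
    """
    host = split_host(headers.get("Host", ""))
    if host is None:
        return False
    name, port = host
    # With rebinding, the browser still sends the attacker-controlled DNS
    # name in Host, even though the connection lands on 127.0.0.1.
    if name not in LOOPBACK_NAMES or (port or 80) != listen_port:
        return False
    # If the browser supplied an Origin, it must also be a loopback page.
    origin = headers.get("Origin")
    if origin is not None:
        try:
            if urlsplit(origin).hostname not in LOOPBACK_NAMES:
                return False
        except ValueError:
            return False
    return True


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    print(rpc_request_allowed({"Host": "127.0.0.1:8765"}, 8765))
    print(rpc_request_allowed({"Host": "rebind.attacker.example:8765"}, 8765))
```
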


