
UTorrent vulnerabilities leave users at risk of hacking and snooping


An attacker only needs to trick a user running a vulnerable uTorrent client into visiting a malicious web page. Malicious websites can reach users' systems through the security holes and then insert malicious code into their Windows startup folder, Ars Technica explains. Google Project Zero researcher Tavis Ormandy was the first to highlight the flaw and demonstrate an exploit.

There's a serious security vulnerability affecting both the Windows desktop and Web versions of uTorrent which could allow attackers to remotely execute code and wreak havoc on computers. The vulnerability is now public because a patch is available, and BitTorrent has already exhausted its 90 days anyway. The company pushed out a patch for the security bugs in the next beta version, but there seem to be conflicting reports about whether or not the patch actually fixes the security holes. Ormandy, for one, was skeptical that the uTorrent Web client had been fully fixed and believed the software was still vulnerable to attack.

BitTorrent, Inc., the company behind uTorrent, has released version 3.5.3 Beta for the uTorrent Classic client to address the issues, which is expected to reach the stable branch in the coming days.

BitTorrent chose to issue a statement on the matter recently, confirming Ormandy's research and explaining that an attacker could craft a URL which would trigger actions such as adding a torrent in the client without the user's consent.


BitTorrent told The Register the flaws should all be resolved this week, including the Web app Ormandy was concerned about.

"We highly encourage all uTorrent Web customers to update to the latest available build 0.12.0.502 available on our website and also via the in-application update notification", a spokesperson for BitTorrent said in an email.

"I've never had an open source project take this long to fix a vulnerability before, so I usually don't even mention the 90-day limit if the vulnerability is in an open source project". uTorrent version 3.5.3.44352 is available for download, and uTorrent Web users can update to the latest available build, 0.12.0.502. BitTorrent, the developer of the uTorrent apps, claims that the bugs have now been fixed in a beta release of the uTorrent Windows desktop app. Ormandy also found a similar RPC server and DNS rebinding flaw in the Transmission client.
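The article names the flaw class (a local RPC server reachable from a web page through DNS rebinding) but not the fix. The following is an added example, not BitTorrent's or Transmission's code: a generic Host and Origin check that a loopback RPC service can apply before acting on a request. The port number, function names and sample requests are constructed for illustration.

```python
from urllib.parse import urlsplit

RPC_PORT = 8123  # hypothetical loopback RPC port, not taken from the article
ALLOWED_HOSTS = {"127.0.0.1", "localhost", "[::1]"}
ALLOWED_ORIGIN_HOSTS = {"127.0.0.1", "localhost", "::1"}


def split_host(value):
    """Parse a Host header into (name, port); return None if malformed."""
    value = value.strip().lower()
    if value.startswith("["):                    # IPv6 literal such as [::1]:8123
        end = value.find("]")
        if end == -1:
            return None
        name, rest = value[:end + 1], value[end + 1:]
    else:
        name, sep, port = value.partition(":")
        rest = sep + port
    if rest == "":
        return name, None
    digits = rest[1:]
    if not (rest.startswith(":") and digits.isascii() and digits.isdigit()):
        return None
    return name, int(digits)


def is_request_allowed(headers):
    """Serve the request only if it was addressed to the loopback service itself.

    After a DNS rebind the browser connects to 127.0.0.1 but still sends the
    attacker's domain in Host, so an exact allowlist on Host rejects it.
    Origin, when the browser sends it, exposes plain cross-site requests.
    """
    parsed = split_host(headers.get("Host", ""))
    if parsed is None:
        return False
    name, port = parsed
    if name not in ALLOWED_HOSTS or port != RPC_PORT:
        return False
    origin = headers.get("Origin")
    if origin is not None and urlsplit(origin).hostname not in ALLOWED_ORIGIN_HOSTS:
        return False
    return True


if __name__ == "__main__":
    samples = [  # constructed requests
        {"Host": "127.0.0.1:8123"},
        {"Host": "rebind.attacker.example:8123"},
        {"Host": "localhost:8123", "Origin": "http://attacker.example"},
    ]
    for request in samples:
        print(request, "->", "serve" if is_request_allowed(request) else "reject")
```

Some browser requests carry no Origin header, so this check narrows exposure but does not replace per-request authentication on the RPC interface.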


