Petteri Pyyny
22 Feb 2018 8:06
BitTorrent and its lighter version, uTorrent have a serious security flaw.
Google researcher found a technique that allows attackers to direct DNS requests to user's computer, allowing to spoof the download sources, download files, add them to startup folder and more.
All versions of uTorrent and BitTorrent are affected and bug is only fixed in latest beta.
"On December 4, 2017, we were made aware of several vulnerabilities in the uTorrent and BitTorrent Windows desktop clients. We began work immediately to address the issue. Our fix is complete and is available in the most recent beta release (build 3.5.3.44352 released on 16 Feb 2018). This week, we will begin to deliver it to our installed base of users. All users will be updated with the fix automatically over the following days. The nature of the exploit is such that an attacker could craft a URL that would cause actions to trigger in the client without the user's consent (e.g. adding a torrent).
BitTorrent was also made aware yesterday that it's new beta product, uTorrent Web, is vulnerable to a similar bug. "