A BitTorrent client with more than 100 million users suffered from numerous critical vulnerabilities, including remote code execution and the copying of downloaded files, according to new information from Google’s Project Zero. Users were left exposed for several hours on Tuesday, when the bug was public and a new security patch didn’t quite work. A new and effective patch was delivered Tuesday night.

Google security researcher Tavis Ormandy informed BitTorrent Inc. of the issues with the uTorrent client in December 2017. A patch was made public early Tuesday, but Ormandy says that, after a small tweak, his exploits continued to work in the default configuration.

“This issue is still exploitable,” Ormandy explained. “The vulnerability is now public because a patch is available, and BitTorrent have already exhausted their 90 days anyway. I see no other option for affected users but to stop using uTorrent Web and contact BitTorrent and request a comprehensive patch.”

Late Tuesday night, BitTorrent Inc.’s […]
The post uTorrent vulnerabilities allow information disclosure and remote code execution appeared first on Cyberscoop.