µTorrent security flaw exposed by Google security researcher

Written about 3 years ago by IanDorfman

Google researcher Tavis Ormandy discovered a security vulnerability within µTorrentthat details how an outside user to manipulate another user's computer using the torrent application's remote control feature.

Ormandy first reached out to µTorrent developer BitTorrent, Inc. about the vulnerability in the application in November of 2017, with Google's Project Zero security team providing the company its standard 90-day window to address the vulnerability before it is made public knowledge.

BitTorrent, Inc. has released the following statement about the matter:

“On December 4, 2017, we were made aware of several vulnerabilities in the uTorrent and BitTorrent Windows desktop clients. We began work immediately to address the issue. Our fix is complete and is available in the most recent beta release (build released on 16 Feb 2018). This week, we will begin to deliver it to our installed base of users. All users will be updated with the fix automatically over the following days. The nature of the exploit is such that an attacker could craft a URL that would cause actions to trigger in the client without the user’s consent (e.g. adding a torrent)."

For alternatives to Small µTorrent iconµTorrent (such as Small qBittorrent iconqBittorrent) that do not contain this vulnerability, AlternativeTo has got you covered!