µTorrent security flaw exposed by Google security researcher
Google researcher Tavis Ormandy discovered a security vulnerability within µTorrentthat details how an outside user to manipulate another user's computer using the torrent application's remote control feature.
Ormandy first reached out to µTorrent developer BitTorrent, Inc. about the vulnerability in the application in November of 2017, with Google's Project Zero security team providing the company its standard 90-day window to address the vulnerability before it is made public knowledge.
BitTorrent, Inc. has released the following statement about the matter:
“On December 4, 2017, we were made aware of several vulnerabilities in the uTorrent and BitTorrent Windows desktop clients. We began work immediately to address the issue. Our fix is complete and is available in the most recent beta release (build 220.127.116.11352 released on 16 Feb 2018). This week, we will begin to deliver it to our installed base of users. All users will be updated with the fix automatically over the following days. The nature of the exploit is such that an attacker could craft a URL that would cause actions to trigger in the client without the user’s consent (e.g. adding a torrent)."