Date: 2018-02-21
uTorrent Client Affected by Some Pretty Severe Security Flaws (bleepingcomputer.com)
A Google security researcher has found multiple security flaws affecting the uTorrent web and desktop client that allow an attacker to infect a victim with malware or collect data on the users' past downloads, reports BleepingComputer. From the report: The vulnerabilities have been discovered by Google Project Zero security researcher Tavis Ormandy, and they impact uTorrent Web, a new web-based version of the uTorrent BitTorrent client, and uTorrent Classic, the old uTorrent client that most people know. Ormandy says that both uTorrent clients are exposing an RPC server -- on port 10000 (uTorrent Classic) and 19575 (uTorrent Web). The expert says that attackers can hide commands inside web pages that interact with this open RPC server. The attacker only needs to trick a user with a vulnerable uTorrent client to access a malicious web page. Furthermore, the uTorrent clients are also vulnerable to DNS rebinding -- a vulnerability that allows the attacker to legitimize his requests to the RPC server.
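The summary names two conditions: web pages that can send commands to the client's local RPC server, and DNS rebinding. A standard server-side mitigation for both is to allow-list the `Host` and `Origin` headers on a loopback-only service. The sketch below is an added example, not code from uTorrent, BleepingComputer or Project Zero; the function names and sample requests are constructed, and `attacker.example` is a placeholder.

```python
# Added example: Host/Origin allow-listing for a loopback-only HTTP RPC service.
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "[::1]"}

def parse_host(value):
    """Split a Host header into (host, port); return None if malformed."""
    value = value.strip().lower()
    if not value or any(c in value for c in " /@\\"):
        return None
    if value.startswith("["):                  # bracketed IPv6 literal
        end = value.find("]")
        if end == -1:
            return None
        host, rest = value[:end + 1], value[end + 1:]
    else:
        host, sep, port = value.partition(":")
        rest = sep + port
    if not rest:
        return host, None
    digits = rest[1:]
    if rest[0] != ":" or not (digits.isascii() and digits.isdigit()):
        return None
    return host, int(digits)

def allow_request(headers, listen_port):
    """headers: list of (name, value) pairs; True if the request may proceed."""
    hosts = [v for k, v in headers if k.lower() == "host"]
    if len(hosts) != 1:                        # missing or duplicated Host
        return False
    parsed = parse_host(hosts[0])
    if parsed is None or parsed[0] not in LOOPBACK_HOSTS or parsed[1] != listen_port:
        return False                           # rebinding: Host carries the outside name
    allowed = {f"http://{h}:{listen_port}" for h in LOOPBACK_HOSTS}
    for k, v in headers:
        if k.lower() == "origin" and v.strip().lower() not in allowed:
            return False                       # script served by another site
    # Requests without an Origin header (some simple GETs) pass this check;
    # state-changing calls still need a per-session token.
    return True

# Constructed sample requests (ports are the two named in the summary).
SAMPLES = {
    "local UI": ([("Host", "127.0.0.1:10000")], 10000),
    "rebinding": ([("Host", "attacker.example:19575")], 19575),
    "cross-site": ([("Host", "localhost:19575"),
                    ("Origin", "http://attacker.example")], 19575),
}

def check_samples():
    return {name: allow_request(h, p) for name, (h, p) in SAMPLES.items()}
```
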
Re: (Score:2)
"i thought people stopped using it once it started showing advertisements?"
Just switch the ad-showing off in the settings like everybody else.
Yet another "don't click shit" (Score:2)
"The attacker only needs to trick a user with a vulnerable uTorrent client to access a malicious web page. "
Sys admins need an addon that just removes all links from a webpage. Know the URL you want or suffer.
Really classic uT doesn't seem to be vulnerable (Score:2)
Re: (Score:2)
All they did was add another token to break the original exploit, revised exploit still works.
Re: (Score:2)
My build 25273:
Trigger crash: nothing
Pairing request: popup with request, can deny or accept. If denied, nothing
PIN request: same as pairing request
Device transfer: nothing
Connected to PIA VPN, if that is relevant.
Google Project Zero internals (Score:2)
What's the greater risk (Score:1)
Re: (Score:2)
"using uTorrent to download questionable files from unknown sources,
..."
That's sort of uTorrent's thing.
Transmission (Score:2)
Makes me glad I switched to Transmission, no BS there, just a simple torrent client.
Meh (Score:1)
Whenever they decided to put ads in the client. Moved over to qBittorrent.
qBittorrent? (Score:1)
I thought most everyone switched to qBittorrent years ago when they started showing ads and other strange things. My main tracker doesn't even allow uTorrent anymore. I'm guessing q isn't affected by this?
Use qBittorrent (Score:2)