Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Detects two serious vulnerabilities on uTorrent that can help hackers execute malicious code or view download history on your computer
Google Zero project researchers have discovered two serious Remote Code Execution vulnerabilities in the popular versions of uTorrent web and desktop versions of BitTorrent. Hackers can take advantage of these two vulnerabilities to view the history of downloading or executing malware on a user's computer.
Security researcher Tavis Ormandy had to wait 90 since he notified uTorrent to announce his findings to users.
Detects two serious vulnerabilities on uTorrent that can help hackers execute malicious code or view download history on your computer Picture 1
Tavis Ormandy's announcement on Twitter.
According to Ormandy, uTorrent's desktop version and web version vulnerabilities are related to various JSON-RPC issues. Both use a web interface to display web content.
By hiding commands (downloading malware to your computer's startup folder or accessing user download information) within web pages and interacting with uTorrent's RPC servers, An attacker with a fake website can exploit the client side vulnerability.
Detects two serious vulnerabilities on uTorrent that can help hackers execute malicious code or view download history on your computer Picture 2
BitTorrent said the vulnerability was fixed in the most recent beta version of the desktop uTorrent Windows app. A patch for existing customers will be released in the next few days.
To fix this vulnerability, users can download a vulnerable version of the desktop version 3.5.3.44352 (http://www.utorrent.com/downloads/complete/track/beta/os/win) .
See more:
- The source code for iOS is revealed on GitHub as 'real goods', this is the time to reveal the biggest information in history
- How to protect high-risk network ports?
- Microsoft released an emergency patch for Windows, turned off the Specter patch, causing a drop in system performance
- Critical vulnerabilities discovered in Framework Electron, Skype, Slack, Twitch and a series of affected apps
Jessica TannerYou should read it
- EternalRocks - more dangerous malicious code than WannaCry exploits up to seven NSA vulnerabilities
- Find bug in Emotet malware, prevent it from spreading for 6 months
- Critical error on Skype allows hackers to execute malicious code remotely
- Detects code execution vulnerabilities in WinRAR, noting more than 100 infringement cases
- Microsoft expert discovered a series of serious code execution errors in IoT, OT devices
- Download uTorrent 3.5.5.45798
- Hacker exploited three vulnerabilities in Microsoft Office to spread Zyklon malware
- Signs that your computer is infected with malware
- Warning of new malware appear like Wannacry, capable of deleting Vietnamese percussion on computer
- CertUtil.exe allows an attacker to download malicious code and bypass antivirus software
- Critical error on Apache Struts2 allows hackers to take over the web server
- The malicious video file causes users to lose control of the device 'storming' in the Android world
Attack the network
Intel released a new patch to fix the Specter and Meltdown vulnerabilities- Discover a new kind of malicious code that can record the phone call to extort money
- Apple shows users how to distinguish phishing emails from the App Store
- Kali Linux is available on the Windows Store but is flagged by Windows Defender
- Microsoft released an emergency security patch for a serious vulnerability
- The risk of losing all passwords is due to the built-in password management tool on Windows 10
Intel released a new patch to fix the Specter and Meltdown vulnerabilities
Discover a new kind of malicious code that can record the phone call to extort money
Apple shows users how to distinguish phishing emails from the App Store
Kali Linux is available on the Windows Store but is flagged by Windows Defender
Microsoft released an emergency security patch for a serious vulnerability
The risk of losing all passwords is due to the built-in password management tool on Windows 10