Detects two serious vulnerabilities on uTorrent that can help hackers execute malicious code or view download history on your computer

Google Zero project researchers have discovered two serious Remote Code Execution vulnerabilities in the popular versions of uTorrent web and desktop versions of BitTorrent. Hackers can take advantage of these two vulnerabilities to view the history of downloading or executing malware on a user's computer.

Security researcher Tavis Ormandy had to wait 90 since he notified uTorrent to announce his findings to users.

Tavis Ormandy's announcement on Twitter.

According to Ormandy, uTorrent's desktop version and web version vulnerabilities are related to various JSON-RPC issues. Both use a web interface to display web content.

By hiding commands (downloading malware to your computer's startup folder or accessing user download information) within web pages and interacting with uTorrent's RPC servers, An attacker with a fake website can exploit the client side vulnerability.

BitTorrent said the vulnerability was fixed in the most recent beta version of the desktop uTorrent Windows app. A patch for existing customers will be released in the next few days.

To fix this vulnerability, users can download a vulnerable version of the desktop version 3.5.3.44352 (http://www.utorrent.com/downloads/complete/track/beta/os/win) .

See more:

1. The source code for iOS is revealed on GitHub as 'real goods', this is the time to reveal the biggest information in history
2. How to protect high-risk network ports?
3. Microsoft released an emergency patch for Windows, turned off the Specter patch, causing a drop in system performance
4. Critical vulnerabilities discovered in Framework Electron, Skype, Slack, Twitch and a series of affected apps