Tavis Ormandy, a vulnerability researcher at Google and a member of Google Project Zero, a team of security analysts specializing in finding zero-day vulnerabilities, revealed on Wednesday a vulnerability in BitTorrent’s uTorrent Windows and web client that allows hackers to either plant malware on the user’s computer or see their download activity.
Google Project Zero published its research once the 90-day window that it gave uTorrent to fix the flaw before public disclosure was over.
According to Ormandy, the flaws are easy to exploit and make it possible for hackers to remotely access downloaded files or download malware onto users’ computers using the random token generated upon authentication.
He reported on Twitter that the initial fix that BitTorrent rolled out seemed only to generate a second token, which did not fix the flaw, and said, “you simply have to fetch that token as well.”
Hmm, it looks like BitTorrent simply added a second token to uTorrent Web. That does not solve the DNS rebinding issue, it simply broke my exploit. 😩— Tavis Ormandy (@taviso) February 20, 2018
BitTorrent issued a statement on Wednesday regarding the issue:
On Dec 4, 2017, we were made aware of several vulnerabilities in the uTorrent and BitTorrent Windows desktop clients. We began work immediately to address the issue. Our fix is complete and is available in the most recent beta release (build 3.5.3.44352 released on 16 Feb 2018). This week, we will start to deliver it to our installed base of users. All users will be updated with the fix automatically over the following days. The nature of the exploit is such that an attacker could craft a URL that would cause actions to trigger in the client without the user’s consent (e.g. adding a torrent).
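As an added illustration (not code from uTorrent, BitTorrent or Project Zero), the sketch below shows on the server side why a token by itself does not stop DNS rebinding, the point made in Ormandy's tweet, and how a loopback-only Host allow-list, a common defence, rejects the rebound request. The port, path, token and host names are constructed assumptions.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# All values below are constructed for illustration, not taken from uTorrent.
PORT = 8080                                   # hypothetical local RPC port
ALLOWED_HOSTS = {f"127.0.0.1:{PORT}", f"localhost:{PORT}", f"[::1]:{PORT}"}
SESSION_TOKEN = "constructed-sample-token"

def parse_request(raw):
    """Return (host_header, token) from a raw HTTP/1.1 request head."""
    lines = raw.split("\r\n")
    target = lines[0].split(" ")[1]
    token = parse_qs(urlsplit(target).query).get("token", [""])[0]
    hosts = [l.split(":", 1)[1].strip().lower()
             for l in lines[1:] if l.lower().startswith("host:")]
    # Zero or several Host headers are treated as invalid.
    host = hosts[0] if len(hosts) == 1 else None
    return host, token

def token_only(raw):
    """Weak check: anything that presents the token is accepted."""
    _, token = parse_request(raw)
    return hmac.compare_digest(token, SESSION_TOKEN)

def host_then_token(raw):
    """Reject any request whose Host is not a loopback name, then check the token."""
    host, token = parse_request(raw)
    if host not in ALLOWED_HOSTS:
        return False
    return hmac.compare_digest(token, SESSION_TOKEN)

def request(host, token):
    """Build a constructed request head for the hypothetical /rpc endpoint."""
    head = f"GET /rpc?action=list&token={token} HTTP/1.1\r\n"
    if host is not None:
        head += f"Host: {host}\r\n"
    return head + "\r\n"

LOCAL_UI = request(f"127.0.0.1:{PORT}", SESSION_TOKEN)
# After rebinding, the browser connects to 127.0.0.1 but still sends the
# name it navigated to, so the Host header carries the outside domain.
REBOUND = request(f"rebind.example:{PORT}", SESSION_TOKEN)
NO_HOST = request(None, SESSION_TOKEN)

if __name__ == "__main__":
    for name, raw in [("local UI", LOCAL_UI), ("rebound", REBOUND), ("no Host", NO_HOST)]:
        print(f"{name:9} token_only={token_only(raw)} host_then_token={host_then_token(raw)}")
```

The token check passes all three requests because the rebound page is same-origin with the service and can read the token first; only the Host comparison distinguishes them.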