Tavis Ormandy, a researcher from Google's Project Zero, reports that the uTorrent software on Windows has vulnerabilities that can be used to execute arbitrary code, downloading malware into the Windows startup folder (to run at reboot times). Next, copy the downloaded file and view the download history.Ormandy discovered that the uTorrent loopholes were a DNS rebinding vulnerability, causing the attacker to resolve the web domain on the user's computer and store the keys for access. The vulnerability has been resolved by BitTorrent.
BitTorrent and uTorrent Web now have patches for uTorrent and BitTorrent to be updated to Build 3.5.3.44352. The uTorrent Web version is updated to 0.12.0.502, which BitTorrent recommends. Always use the latest version updates.
No comments:
Post a Comment