An unpleasant surprise awaits torrent tracker users. Serious vulnerabilities were found in one of the most popular torrent clients - uTottent.
Tavis Ormandy - security researcher from Google Project Zero - shared his finding. According to him, the vulnerability in uTorrent allows attackers to track the history of downloads and gain access to the downloaded files. But more importantly, with its help hackers can execute malicious code on attacked system and upload it to Windows startup folder. Recall that not too long ago, Ormandy already reported a similar vulnerability in another BitTorrent client - Transmission.
Curiously, the vulnerability was discovered back in November 2017. At the same time, Tavis shared the finding with the developers from BitTorrent. Both uTorrent Web and uTorrent for Windows are known to be vulnerable to the vulnerability. An update that would fix the flaw has not yet been released, although company representatives claim to have been able to fix the problem in the latest beta version of uTorrent.
There is currently no way around the discovered vulnerability. Therefore, all uTorrent users are advised to stop using the program until an update is released that will fix the flaw. It is expected that its release can be expected in one day.