The vulnerability is now fixed, according to BitTorrent, which has now issued a patch in a beta release. “This requires some simple DNS rebinding to attack remotely, but once you have the secret you can just change the directory torrents are saved to, and then download any file anywhere writable.” In his proof of concept write-up, Ormandy said: “You can just fetch the secret and gain complete control of the service. He reported his findings to uTorrent’s parent company, BitTorrent, last year, but went public this week after the file-sharing service surpassed its 90-day patch deadline. The vulnerabilities were found by Google Project Zero researcher Tavis Ormandy back in November. exe file into the computer’s startup folder, which would then run malware when the system was rebooted. These commands include reading and copying torrents and downloads.Īnother flaw meant that hackers could download an arbitrary. JavaScript in a malicious web page can hijack the victim’s router, resulting in a DNS rebinding attack, forcing the hacker’s commands in the desktop app. The flaw was related to uTorrent’s remote feature for Windows, which gives users the option to manage torrents from a browser on another device. UTorrent users are being urged to update their apps after a bug left them open to remote code execution. Torrent client issues patch for RCE vulnerability that allows hackers to take full control of users’ devices.
0 kommentar(er)
