Click here to sign up for our newsletter & receive a £5 voucher![close]
×

Registration

Profile Informations

Login Details

or login

First name is required!
Last name is required!
First name is not valid!
Last name is not valid!
This is not an email address!
Email address is required!
This email is already registered!
Password is required!
Enter a valid password!
Please enter 6 or more characters!
Please enter 16 or less characters!
Passwords are not same!
Terms and Conditions are required!
Email or Password is wrong!

uTorrent Exploit Allows Hackers Remotely Control Your PC

Google's Project Zero has been busy uncovering vulnerabilities in a wide range of products and services, most notably rooting out CPU flaws that became known as Spectre and Meltdown. While mitigations are still ongoing, Project Zero continues to look for security issues across the board. The latest one that Project Zero found is a remote code execution vulnerability that exists in uTorrent.

The vulnerability exists in both the downloadable desktop client for Windows and the new uTorrent Web service that runs in a browser window and allows users to stream torrents from it. Project Zero points out that by default, the web version is configured to run at startup with Windows, so it's always running and accessible.

"By default, Utorrent creates an HTTP RPC server on port 10000 (uTorrent Classic) or 19575 (uTorrent Web). There are numerous problems with these RPC servers that can be exploited by any website using XMLHTTPRequest(). To be clear, visiting *any* website is enough to compromise these applications," Project Zero explains.

The vulnerabilities, which are apparently easy to exploit, could allow a rogue website to control uTorrent (both the desktop client and web app). In doing so, an attacker could force a user to unwittingly download malicious software to their PC's startup folder, and it would automatically run the next time his or her system boots. Rogue sites could also peek into a user's download history and see what files have been downloaded.

Multiple sites report that uTorrent has update its desktop application to address the issue, and that versions 3.5.3.44352 and above are not affected. If you are using a previous version, check for an update, either through the application itself or by downloading a new client.

').insertAfter(jQuery('#initdisqus'));
}
loadDisqus(jQuery('#initdisqus'), disqus_identifier, url);

}
else {
setTimeout(function () { disqusDefer(); }, 50);
}
}

disqusDefer();

function loadDisqus(source, identifier, url) {

if (jQuery("#disqus_thread").length) {
jQuery("#disqus_thread").remove();
}
jQuery('

').insertAfter(source);

if (window.DISQUS) {

DISQUS.reset({
reload: true,
config: function () {
this.page.identifier = identifier;
this.page.url = url;
}
});

} else {

//insert a wrapper in HTML after the relevant "show comments" link

disqus_identifier = identifier; //set the identifier argument
disqus_url = url; //set the permalink argument

//append the Disqus embed script to HTML
var dsq = document.createElement('script'); dsq.type = 'text/javascript'; dsq.async = true;
dsq.src = 'https://' + disqus_shortname + '.disqus.com/embed.js';
jQuery('head').append(dsq);

}

jQuery('.show-disqus').show();
source.hide();
};

function disqusEvent()
{
idleTime = 0;
}

Go to Source