uTorrent Windows Apps Contain Security Flaws That Let Attackers Control Your Computer, Fixes Coming

Advertisement
By Sumit Chakraborty | Updated: 22 February 2018 12:29 IST
Highlights
  • Google Project Zero researcher found out the critical bugs
  • Hackers can potentially download malware and access download history
  • Exploit affects all unpatched Windows versions of uTorrent

A Google Project Zero researcher has discovered critical bugs in two versions of the popular uTorrent app. With millions of daily users, uTorrent is considered one of the most widely used torrent clients. However, parent company BitTorrent was alerted to the serious security issue. Google researcher Tavis Ormandy has detailed several exploits in Windows versions of the software that lets attackers intrude into a user's computer.

Because it is a DNS rebinding issue, hackers can potentially execute remote code, download malware to the computer's startup folder, launch malware on reboot, access downloaded files, as well as peep at the user's download history, Ormandy said. While the exploit affects all unpatched versions, it primarily affects uTorrent Web, the newer version of the popular BitTorrent client, as it has a serious remote code execution bug, as per the Google researcher. The examples of exploits, as mentioned by Ormandy, include one for uTorrent Web, and two for uTorrent desktop.

Advertisement

Meanwhile, as per a TorrentFreak report, BitTorrent had rolled out a 'patch' in the latest Beta release and promises to fix the stable uTorrent client soon. Later, in an official statement, the company said, "Our fix is complete and is available in the most recent beta release (build 3.5.3.44352 released on 16 Feb 2018). This week, we will begin to deliver it to our installed base of users. All users will be updated with the fix automatically over the following days. The nature of the exploit is such that an attacker could craft a URL that would cause actions to trigger in the client without the user's consent (e.g. adding a torrent)."

However, Ormandy had expressed his displeasure with BitTorrent's response. He said, BitTorrent just added a second token to uTorrent Web which does not solve the issue. Further, he wrote, "I just fixed the exploit and verified it still works. I would recommend asking BitTorrent to resolve this issue if you're affected, and it works in the default configuration so you probably are. Sigh."

It is not clear if an attacker has made use of the exploits in the wild. However, it will only take one visit to a targeted website to trigger a hack. In order to stay safe, users can either disable uTorrent for now or upgrade to the latest Beta release. The uTorrent version 3.5.3.44352, is available for download and uTorrent Web users can update to the latest available build 0.12.0.502.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Amazon Prime Day Laptop Deals: Best Discounts on HP, Asus, Lenovo and More
  2. Best Gaming Laptops Under Rs. 80,000 in India
  3. iPhone 18 May Receive RAM Boost to Handle Apple Intelligence Better
  4. Everything We Know About the Nothing Phone 4b
  5. Amazon Prime Day 2026: Best Deals on Redmi and Xiaomi Smartphones
  6. Xiaomi 18 Pro Max Prototype Leaked With Dual 200MP Cameras, 100W Charging
  1. Xiaomi 18 Pro Max Camera, Display, Battery Details Tipped; May Get 8,500mAh Battery, 200-Megapixel Cameras
  2. iPhone 18, iPhone 18e Tipped to Get 9GB RAM Upgrade for Apple Intelligence; Pro Models May Stick With 12GB
  3. Amazon Prime Day 2026 Laptop Deals: Best Discounts on HP, Asus, Lenovo, Dell, Acer Models
  4. Best Camera Phones Under Rs. 30,000 for Content Creators in India: Motorola Edge 70 Fusion, Galaxy F56, More
  5. Boat Stone 900 Launched in India With Up to 80W Sound Output, Up to 15 Hours Audio Playback: Price, Features
  6. Cyberpunk 2077 Has Sold 40 Million Copies, CD Projekt Red Confirms
  7. Nothing Phone 1 Receives Final Software Update With Latest Security Patches, Bug Fixes and Improvements
  8. Nokia 235 4G (2026), 215 4G (2026) Launched Alongside Nokia 210 4G, and 200 4G With AI Assistant Button
  9. Samsung Galaxy S27 Ultra Battery Details Leaked; Could Top iPhone 18 Pro Max's Battery Capacity
  10. OnePlus Ace 7 Series Tipped to Feature 185Hz Display, 9,000mAh Battery
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.