You can now find Cyber Kendra on Google News | Telegram

Critical Remote Code Execution Bug Puts Millions of uTorrent Users under Risk

Critical Remote Code Execution Bug Puts Millions of uTorrent Users under Risk, utorrent - JSON-RPC Remote Code Execution / Information Disclosure
A BitTorrent client which was being used by more than 100 millions users have multiple critical security vulnerabilities that includes Remote Code Execution and copying downloads files - report Tarvis Ormandy, Google Security Researcher.

The bug was reported to BitTorrent (Parent of uTorrent) on last December, and firm have issued a patched for the bug on Tuesday. After the patch was released Ormandy noted if a small tweaks made to his exploit then also his exploit works with the default configuration.

uTorrent have already got the notification about the bug after patch and they said uTorrent team is testing fix and users can expect another updates within next 24 hrs. 

The unpatched version of the server contained vulnerabilities that could be exploited through any website by basic requests - so basic that Ormandy called them “so trivial.”
“By default, utorrent create an HTTP RPC server on port 10000 (uTorrent classic) or 19575 (uTorrent web),” Ormandy wrote. “There are numerous problems with these RPC servers that can be exploited by any website using XMLHTTPRequest(). To be clear, visiting *any* website is enough to compromise these applications.” 

Post a Comment

Cookie Consent
We serve cookies on this site to analyze traffic, remember your preferences, and optimize your experience.
It seems there is something wrong with your internet connection. Please connect to the internet and start browsing again.
AdBlock Detected!
We have detected that you are using adblocking plugin in your browser.
The revenue we earn by the advertisements is used to manage this website, we request you to whitelist our website in your adblocking plugin.
Site is Blocked
Sorry! This site is not available in your country.