uTorrent Exploit Allows Hackers To Remotely Control Your PC


Google's Project Zero has been busy uncovering vulnerabilities in a wide range of products and services, most notably rooting out CPU flaws that became known as Spectre and Meltdown. While mitigations are still ongoing, Project Zero continues to look for security issues across the board. The latest one that Project Zero found is a remote code execution vulnerability that exists in uTorrent.

The vulnerability exists in both the downloadable desktop client for Windows and the new uTorrent Web service that runs in a browser window and allows users to stream torrents from it. Project Zero points out that by default, the web version is configured to run at startup with Windows, so it's always running and accessible.
"By default, Utorrent creates an HTTP RPC server on port 10000 (uTorrent Classic) or 19575 (uTorrent Web). There are numerous problems with these RPC servers that can be exploited by any website using XMLHTTPRequest(). To be clear, visiting *any* website is enough to compromise these applications," Project Zero explains.

The vulnerabilities, which are apparently easy to exploit, could allow a rogue website to control uTorrent (both the desktop client and web app). In doing so, an attacker could force a user to unwittingly download malicious software to their PC's startup folder, and it would automatically run the next time his or her system boots. Rogue sites could also peek into a user's download history and see what files have been downloaded.

Multiple sites report that uTorrent has update its desktop application to address the issue, and that versions and above are not affected. If you are using a previous version, check for an update, either through the application itself or by downloading a new client.

Show comments blog comments powered by Disqus