Given that uTorrent is one of the most popular torrent clients around, there is a good chance that many of you currently use it. If you have it installed, then be sure to upgrade to the latest version, as multiple security flaws were recently discovered in the software, and have since been patched.
Google’s Project Zero security expert, Tavis Ormandy, recently reported multiple security issues with the uTorrent client for web and desktop. These flaws could allow attackers to view past downloads, steal data or infect the user’s PC.
The issues were caused by the uTorrent client exposing an open remote procedure call (RPC) server. RPC interfaces are particularly common in torrent software, as they let one program request a service from another, including from a computer on a different network. By abusing this, attackers could hide commands for the RPC server in web pages and use them against unsuspecting users who visit those pages.
“By default, uTorrent creates an HTTP RPC server on port 10000 (uTorrent classic) or 19575 (uTorrent web). There are numerous problems with these RPC servers that can be exploited by any website using XMLHTTPRequest(). To be clear, visiting *any* website is enough to compromise these applications”, Tavis Ormandy explained.
In order to be sure that you are protected from these security issues, you’ll need to make sure you have uTorrent Classic Version 220.127.116.11352 installed. Alternatively, if you use the web-based client, you will need version 0.12.0.502. These versions contain the latest security patches.
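A local HTTP RPC service of the kind described above can refuse requests that come from web pages by checking each request's headers before acting on it. The sketch below is an added example of that general hardening pattern, not uTorrent's code or its patch; the `x-rpc-token` header, the function names and the sample requests are assumptions constructed for illustration.

```python
import hmac
from urllib.parse import urlsplit

RPC_PORTS = {"10000", "19575"}  # default ports named in the report
LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "[::1]"}


def host_is_loopback(host_header):
    """True only for Host values such as 127.0.0.1:10000 or localhost:19575."""
    host, sep, port = (host_header or "").strip().lower().rpartition(":")
    return bool(sep) and host in LOOPBACK_HOSTS and port in RPC_PORTS


def origin_is_trusted(origin_header):
    """Browsers attach Origin to cross-site XMLHttpRequest calls; accept only
    the client's own local UI. A missing Origin proves nothing by itself,
    which is why authorize() also demands a token."""
    if origin_header is None:
        return True
    parts = urlsplit(origin_header)
    return parts.scheme == "http" and host_is_loopback(parts.netloc)


def authorize(headers, expected_token):
    """Return (allowed, failed_check) for one request; header keys lower-case."""
    if not host_is_loopback(headers.get("host")):
        return False, "host"
    if not origin_is_trusted(headers.get("origin")):
        return False, "origin"
    supplied = headers.get("x-rpc-token", "")  # hypothetical header name
    if not hmac.compare_digest(supplied.encode(), expected_token.encode()):
        return False, "token"
    return True, "ok"


TOKEN = "constructed-sample-token"  # constructed; a real one is random per install
SAMPLES = [  # constructed requests, not captured traffic
    ("local UI", {"host": "127.0.0.1:19575",
                  "origin": "http://127.0.0.1:19575", "x-rpc-token": TOKEN}),
    ("script on another site", {"host": "127.0.0.1:19575",
                                "origin": "https://news.example", "x-rpc-token": TOKEN}),
    ("unexpected hostname", {"host": "rpc.news.example:10000", "x-rpc-token": TOKEN}),
    ("no token", {"host": "localhost:10000"}),
]

if __name__ == "__main__":
    for label, headers in SAMPLES:
        print(f"{label:24} -> {authorize(headers, TOKEN)}")
```

Each check fails closed, and the returned reason can be logged so that rejected requests from web origins show up during monitoring.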
KitGuru Says: uTorrent is a very common client, so these issues had the potential to affect a lot of users. If you currently have uTorrent installed, then be sure to update to the latest version.