Do you use uTorrent on your computer? A security breach can cause a third party to take control of your PC

Yesterday the news was the closure of some very popular web pages dedicated to facilitating the downloading of multimedia content. Pages that offered direct download links but also Torrent links. Some links for which you have to use a specific type of program, being the uTorrent client one of the most used

A client for downloads that is once again in the eye of the hurricane for not exactly good news. And it is that uTorrent (in the form of an application or in the web version) is the victim of a security flaw that seriously endangers the users who use it by allowing remote access and control of our equipment.

This is a security flaw that has already been known since the beginning of the year and as in other cases has come to light thanks to Google's Project Zero research groupWe are within the 90-day period that Project Zero always gives before making the bug public, a time that the developer has to address the problem.

The bug allows a third party to take control of our equipment and access user data thanks to the control functionality remote offered by uTorrent. A problem that is still present in the application that we may have installed on our computer.

And since it was discovered, the problem is still present. The uTorrent developers have not released any patch that fixes the problem, at least in the stable version of the application (the effective patch only exists for the Beta version) .

BitTorrent, the company behind uTorrent claims that the latest version of the application that can be downloaded, the one that comes with number 3.5.3.44352, already has the error corrected, something that Tavis Ormandy (one of the researchers at Project Zero) does not share, which he defends in his account Twitter that the patch does not work correctly at least in the web version of uTorrent.

Also web version

And it is not only the application that is affected by the security flaw, as the new web version of uTorrent has been affected, this being the one that has been the most affected by this threat according to Ormandy This is because the attacker only has to trick the user into accessing a web page so that he can obtain the server's secret authentication key and thus download _malware_ on the victim's computer.

In this way it is advisable to be attentive to the available updates that we can find in the coming days within the application and meanwhile have take into account the risk to which we can expose our equipment if we use uTorrent to manage our downloads.

Source | Torrentfreak