Some critical bugs were recently found in a popular BitTorrent client called uTorrent for Windows. A researcher at Google Project Zero made the discovery. The problem has been acknowledged already and under the process of being fixed for all users. These exploits had potential to let attackers gain control of users computer.
These were security flaws courtesy of a DNS rebinding issue, which allows attackers to run malicious code on users’ system remotely. This causes malware to spread upon rebooting of the system. Once this is done, the attacker can access downloaded files, download history and gain key function controls for any website that the affected user visits. A Google Project Zero researcher also stated this exploit affects all the unpatched versions of the app.
What’s Domain Name System (DNS) rebinding, you may ask? It’s a feature that allows attackers make an untrusted Internet domain control the local IP address of the computer running the app.
BitTorrent’s VP of engineering, Dave Reed later stated in his e-mail this issue had been fixed in a beta release of the uTorrent Windows desktop app. However, users, especially the ones with the production version of the app installed, are yet to receive the update.
The fixed version of the app is available on the company’s official website for download and will be rolled out via OTA in the coming days. Additionally, Reed also said uTorrent Web app has also been patched. They’ve recommended users to update the app.