The stable 1.6.1 release is not yet on the download page, but is already available for download over here. The uTorrent team unintentionally resolved the exploit vulnerability in a beta version months ago according to former uTorrent developer Ludvig Strigeus.
Ludvig says that the issue was fixed in the latest beta that was released in July 2006. However, most people probably don’t dig that deep in the forums to find this beta, and still use the latest stable version. It is unclear why it took more than six months to make this “non exploitable” version public, but I guess they had other things on their mind.
Time to update!
Update: uTorrent 1.6.1 is now listed on the uTorrent download page.
— 2007-02-13: Version 1.6.1 (build 488)
– Feature: Select upload/download speed for a torrent through the rightclick menu
– Feature: Added encryption box to speed guide
– Change: Don’t check as many pieces at the same time.
– Change: Misc WebUI changes.
– Change: Switch to JSON for webinterface
– Fix: Problem with category list in the gui when updated from the webui
– Fix: WebUI not clearing state between requests.
– Fix: Redirect also index.html to guest.html
– Fix: Added On Now shows the time it’s added, not loaded.
– Fix: JSON uses ” instead of ‘
– Fix: (a) Upnp fix
– Fix: Show pause icon when checking is paused.
– Fix: Fixed problems with XML parser
– Fix: Don’t allow two message boxes to be shown in the RSS window
– Fix: Changed some window titles
– Fix: Fix malformed .torrent exploit
– Fix: Boss key field is now larger
