The uTorrent development team just released 1.7.7 stable. The new version is the latest 1.7 release, and fixes the vulnerability that allowed attackers to remotely crash the BitTorrent client.
Two weeks ago we reported that several versions of the popular BitTorrent client uTorrent were vulnerable to a remote DoS attack.
The vulnerability was discovered by Luigi Auriemma, a Milan-based security expert. He claimed that various BitTorrent clients were subject to this security flaw, based on the way they handle user-supplied data. The vulnerability was not critical, but it did allow attackers to remotely crash the application.
In response, the uTorrent team stated that several of the older uTorrent releases were also affected. Luckily, they quickly released a new build – uTorrent 1.7.6 (build 7859), in which they fixed the issue, and the latest stable release is now safe as well.
The latest stable release of uTorrent addresses both the remote crash bug in WebUI and the (potential) remote crash bug with the extension protocol. In the release notes we read: “1.7.7 is released to fix some potential security exploits. Barring any other security issues before the release of 1.8, this will be the last 1.7.x release.”
uTorrent is by far the most used BitTorrent client, and is installed on 5% of all Windows PCs worldwide, according to recent reports. The BitTorrent mainline client – also developed by BitTorrent Inc. – comes in second place, before Azureus and BitComet.
The latest stable release can be downloaded over here; upgrading is, of course, recommended.