uTorrent 1.7.7 Stable Fixes Security Issues

Written by Ernesto on January 27, 2008 

The uTorrent development team just released 1.7.7 stable. The new version is the latest 1.7 release, and fixes the vulnerability that allowed attackers to remotely crash the BitTorrent client.

Two weeks ago we reported that several versions of the popular BitTorrent client uTorrent were vulnerable to a remote DoS attack.

The vulnerability was discovered by Luigi Auriemma, a Milan-based security expert. He claimed that various BitTorrent clients were subject to this security flaw, based on the way they handle user-supplied data. The vulnerability was not critical, but it did allow attackers to remotely crash the application.

In a response, the uTorrent team stated that several of the older uTorrent releases were also affected. Luckily, they quickly released a new build - uTorrent 1.7.6 (build 7859), in which they fixed the issue, and the latest stable release is now safe as well.

The latest stable release of uTorrent addresses both the remote crash bug in the WebUI and the (potential) remote crash bug in the extension protocol. In the release notes we read: “1.7.7 is released to fix some potential security exploits. Barring any other security issues before the release of 1.8, this will be the last 1.7.x release.”

uTorrent is by far the most used BitTorrent client, and is installed on 5% of all Windows PCs worldwide, according to recent reports. The BitTorrent mainline client - also developed by BitTorrent Inc. - comes in second place, before Azureus and BitComet.

The latest stable release can be downloaded over here; upgrading is of course recommended.

42 Responses

1 Jan 27, 2008 at 13:13 by jo

utorrent 1.7.6 is fucked up. Can’t get my torrents to work and a roll back doesn’t do anything either. Been working on this for the last couple of days and now in the process of installing my windows again

2 Jan 27, 2008 at 13:22 by JoeRodge

hes blown

3 Jan 27, 2008 at 13:53 by Oliver

To all you 1.7.X’s out there, try the new 1.8 Alpha instead.

It’s much more solid =)

µTorrent 1.8 Build 8188 Alpha

http://forum.utorrent.com/viewtopic.php?id=31998

4 Jan 27, 2008 at 14:28 by system

It’s no surprise the alpha is more stable than the “stable”.
uT has a bad habit of calling everything they release in the 1.7.x branch a stable, despite having to regularly release 2 or 3 versions in the same week.

5 Jan 27, 2008 at 14:46 by smartass

I wonder if the Private trackers already support them. I won’t upgrade until my trackers say it’s A.OK

6 Jan 27, 2008 at 14:58 by The P!nk Pr!nce

I converted to Azureus about a week ago from uTozz don’t really see any reason for changing back now!

7 Jan 27, 2008 at 15:24 by uTorrent Uber Alles

[quote comment="273464"]I converted to Azureus about a week ago from uTozz don’t really see any reason for changing back now![/quote]

The fact that uTorrent is better isn’t a good enough reason?

8 Jan 27, 2008 at 16:03 by Anonymous

[quote comment="273473"][quote comment="273464"]I converted to Azureus about a week ago from uTozz don’t really see any reason for changing back now![/quote]

The fact that uTorrent is better isn’t a good enough reason?[/quote]
Whatever…

9 Jan 27, 2008 at 16:08 by Ali G

is you on crack or somethin’?

10 Jan 27, 2008 at 16:09 by Blanchimont

Still using uTorrent 1610 and never had problems…Should I be worried?

11 Jan 27, 2008 at 16:28 by Dutchy

No, you don’t have to worry. 1.6.1 does not have this issue, however all other versions between there and 1.7.6 have the security issue. I have upgraded to 1.7.7 and it works fine, hopefully this is the last time that I have to think about this for a while.

12 Jan 27, 2008 at 16:34 by Licking my Bitch

I have and i use version 1.6.1.490 for long time. Works perfect, is stable, never had problems. It was time the real guy was programmer for utorrent. Now utorrent got fucked up by other boys have no skills about good programming!

13 Jan 27, 2008 at 16:39 by George W. Bush

[quote comment="273510"]I have and i use version 1.6.1.490 for long time. Works perfect, is stable, never had problems. It was time the real guy was programmer for utorrent. Now utorrent got fucked up by other boys have no skills about good programming![/quote]

WA GWAN?

DIS BWOY BE RA-III-GHT!

BOOYAKASHAH!

(Is it cos I is black?)

14 Jan 27, 2008 at 16:49 by Spanky69

From a private site that is on the ball, pretty strict regarding what clients they will allow.

There is an EXPLOIT in All versions of uTorrent below version 1.7.7 (including uTorrent 1.6 but not 1.6.1) that can allow an attacker to crash your client and possible code execution on your machine. In 1.7.6 it affected the webUI part.
Until further notice 1.6 and 1.6.1 are still allowed but version 1.7.5 and 1.7.6 is now banned. We do recommend you upgrade to uTorrent 1.7.7 if running uTorrent 1.7.5 or 1.7.6.

15 Jan 27, 2008 at 17:06 by Anonymous Cop

Well too bad Bitorrent isn’t open source anymore you dumbasses, :)) hahahahahaha die sharers die!

16 Jan 27, 2008 at 17:55 by Crandom

Use the 1.8 alpha. I’ve gone from around 1.8mb/s on 1.7.4 to 2.3mb/s on a 20mbit line with it!

17 Jan 27, 2008 at 17:55 by Crandom

[quote comment="273538"]Well too bad Bitorrent isn’t open source anymore you dumbasses, :)) hahahahahaha die sharers die![/quote]

Kindly fuck off.

18 Jan 27, 2008 at 19:44 by embedded torrent nodes

for seeding large amount of data or torrents, rtorrent looks best.
Its not windows compatible UI program but it can easy run it on your home router with attached storage or NAS. With GUI running on windows.

19 Jan 27, 2008 at 21:55 by private ftw

azureus <3

20 Jan 27, 2008 at 22:23 by jaycup

i never had any problems with any version of utorrent.

21 Jan 27, 2008 at 23:23 by Calvin

I upgraded as soon as it came out. In fact, I’m the lulz who sent this in. =P

22 Jan 28, 2008 at 00:04 by Kevin

Just have a question. If i use the 1.8 alpha on private trackers, and it’s banned, will my ass be banned too? I don’t want to take the risk.

23 Jan 28, 2008 at 01:07 by anonymous

[quote comment="273744"]Just have a question. If i use the 1.8 alpha on private trackers, and it’s banned, will my ass be banned too? I don’t want to take the risk.[/quote]

No, you just won’t be able to connect. Most private trackers allow the beta, though.

24 Jan 28, 2008 at 02:18 by heh

Ernesto likes it in the ass

25 Jan 28, 2008 at 06:25 by Dr.Arthur

[quote comment="273538"]Well too bad Bitorrent isn’t open source anymore you dumbasses, :)) hahahahahaha die sharers die![/quote]
It still is. It’s just no longer used by Bittorrent.com as a mainline client. If you want a badass Open Source client, get Deluge.

26 Jan 28, 2008 at 10:10 by bloke with bike

dibbott is bitmetvs in-house village idiot.

27 Jan 28, 2008 at 10:52 by Jovanka

[quote comment="273934"][quote comment="273538"]Well too bad Bitorrent isn’t open source anymore you dumbasses, :)) hahahahahaha die sharers die![/quote]
It still is. It’s just no longer used by Bittorrent.com as a mainline client. If you want a badass Open Source client, get Deluge.[/quote]

Unfortunately, Deluge is currently so unstable that it is completely not usable ;( But some day, who knows…

28 Jan 28, 2008 at 12:51 by psycho

my peerguardian is blocking the site how can that be?

29 Jan 28, 2008 at 14:41 by rentero

so the 1.7.6 its no good anymore???

30 Jan 28, 2008 at 14:46 by Amomynous

uninstall that pos peerguardian. it was made by noobs for super noobs.

31 Jan 28, 2008 at 16:44 by TypingLOL_CauseCancer

@ 24, Your douche-bag. Go lick a electrical socket or something.

32 Jan 28, 2008 at 16:57 by Anonymous

[quote comment="274199"]@ 24, Your douche-bag. Go lick a electrical socket or something.[/quote]

Ugh, learn to spell.

“your douche-bag”…

Ok, repeat after me:

You’re a douche bag.

Can you handle that? Cool.

Also - go lick AN electrical socket.

tl;dr Eat shit and fuck off, Ernesto DOES like it in the ass.

33 Jan 28, 2008 at 23:15 by 2b

Did Kaspersky Internet Security 7 reported 1.7.7 as trojan to any1 else?

34 Jan 29, 2008 at 01:33 by Calvin

Oh crap. I got AIDS from updating. Oh shi…j/k…stop complaining guys, this is safe.

35 Jan 29, 2008 at 20:52 by 2b

Calvin LOL
I know its safe, i Allowed, i was just wondering if KIS7 had the same errors with other guys.
I’m not ‘new’ in BT world xD

36 Jan 30, 2008 at 00:58 by oneplusone

[quote comment="273489"][quote comment="273473"][quote comment="273464"]I converted to Azureus about a week ago from uTozz don’t really see any reason for changing back now![/quote]

The fact that uTorrent is better isn’t a good enough reason?[/quote]
Whatever…[/quote]

System Resources. Azureus hogs my pooter. Unforgivable. Not to mention the security flaw of having Java running 24/7 so you can use Azureus.

37 Jan 30, 2008 at 10:53 by neko

yaknow i dont trust utorrent anymore - as soon as bram got involved and bought that thing up all hope of ever opening that source died. and lets all remember how lame his python client was ~_~

38 Feb 02, 2008 at 15:36 by anon

if i see that fucking whine one more time…

utorrent was closed source from the beginning.
there has been no proof of utorrent reporting sensitive data to riaa/mpaa/whatever/cocks.
you’ve had your brain fried from all the heat building up under that tinfoil hat.

39 Feb 08, 2008 at 16:06 by Anonymous

Calm down girls.

40 Feb 17, 2008 at 02:30 by stormie

Isn’t utorrent associated with mpaa/riaa even their site used to redirect to mpa/riaa site whatever lol. I’m still confused with this, stuck with version 1.6 cause no one messed with it, then after 161 I thought i heard riaa was helping utorrent late version so hm.

41 Apr 28, 2008 at 07:09 by Jack

TO ALL DOWNLOADERS….!!!!
I am a debut artist who’s just recorded one of the most expensive debut albums in recent history.

We have just released my debut album as a FREE HQ Mp3 download.

It was a tough decision for us to make because of the vast amounts spent on the album. We had two of the biggest record producers in the world work on it…. at Peter Gabriel’s Realworld studio and at Abbey Road studio in london.

Despite all that, we recognise the massive potential the internet and free albums in particular offers. We launched last friday and have already had 1000’s of DL’s all over the world.

Come over and download for FREE.. it takes 2 minutes to DL because we have a dedicated server.

http://www.jackrubinacci.com
Thanks
Jack
