uTorrent 1.7.7 Stable Fixes Security Issues

Written by Ernesto on January 27, 2008 

The uTorrent development team just released 1.7.7 stable. The new version is the latest 1.7 release, and fixes the vulnerability that allowed attackers to remotely crash the BitTorrent client.

utorrent logoTwo weeks ago we reported that several versions of the popular BitTorrent client uTorrent were vulnerable to a remote DoS attack.

The vulnerability was discovered by Luigi Auriemma, a Milan-based security expert. He claimed that various BitTorrent clients were subject to this security flaw, based on the way they handle user-supplied data. The vulnerability was not critical, but it did allow attackers to remotely crash the application.

In a response, the uTorrent team stated that several of the older uTorrent releases were also affected. Luckily, they quickly released a new build - uTorrent 1.7.6 (build 7859), in which they fixed the issue, and the latest stable release is now safe as well.

The latest stable release of uTorrent adresses both the remote crash bug in WebUI and the (potential) remote crash bug with extension protocol. In the release notes we read: “1.7.7 is released to fix some potential security exploits. Barring any other security issues before the release of 1.8, this will be the last 1.7.x release.”

uTorrent is by far the most used BitTorrent client, and is installed on 5% of all Windows PCs worldwide, according to recent reports. The BitTorrent mainline client - also developed by BitTorrent Inc. - comes in second place, before Azureus and BitComet.

The latest stable release can be downloaded over here, upgrading is of course recommended.

Previously: The Pirate Bay Now Tracks 1 Million Torrents, 10 Million Peers

Next: Most Popular DVDrips on BitTorrent (wk4)

42 Responses

Pages: « 1 [2] Show All

26 Jan 28, 2008 at 10:10 by bloke with bike

dibbott is bitmetvs in-house village idiot.

27 Jan 28, 2008 at 10:52 by Jovanka

[quote comment="273934"][quote comment="273538"]Well too bad Bitorrent isn’t open source anymore you dumbasses, :)) hahahahahaha die sharers die![/quote]
It still is. It’s just no longer used by Bittorrent.com as a mainline client. If you want a badass Open Source client, get Deluge.[/quote]

Unfortunatly, Deluge is currently so unstable that is completly not usable ;( But some day, who knows…

28 Jan 28, 2008 at 12:51 by psycho

my peerguardian is blocking the site how can that be?

29 Jan 28, 2008 at 14:41 by rentero

so the 1.7.6 its no good anymore???

30 Jan 28, 2008 at 14:46 by Amomynous

uninstall that pos peerguardian. it was made by noobs for super noobs.

31 Jan 28, 2008 at 16:44 by TypingLOL_CauseCancer

@ 24, Your douche-bag. Go lick a electrical socket or something.

32 Jan 28, 2008 at 16:57 by Anonymous

[quote comment="274199"]@ 24, Your douche-bag. Go lick a electrical socket or something.[/quote]

Ugh, learn to spell.

“your douche-bag”…

Ok, repeat after me:

You’re a douche bag.

Can you handle that? Cool.

Also - go lick AN electrical socket.

tl;dr Eat shit and fuck off, Ernesto DOES like it in the ass.

33 Jan 28, 2008 at 23:15 by 2b

Did Kaspersky Internet Security 7 reported 1.7.7 as trojan to any1 else?

34 Jan 29, 2008 at 01:33 by Calvin

Oh crap. I got AIDS from updating. Oh shi…j/k…stop complaining guys, this is safe.

35 Jan 29, 2008 at 20:52 by 2b

Calvin LOL
I know its safe, i Allowed, i was just wondering if KIS7 had the same errors with other guys.
I’m not ‘new’ in BT world xD

36 Jan 30, 2008 at 00:58 by oneplusone

[quote comment="273489"][quote comment="273473"][quote comment="273464"]I converted to Azureus about a week ago from uTozz don’t really see any reason for changing back now![/quote]

The fact that uTorrent is better isn’t a good enough reason?[/quote]
Whatever…[/quote]

System Resources. Azureus hogs my pooter. Unforgivable. Not to mention the security flaw of having Java running 24/7 so you can use Azureus.

37 Jan 30, 2008 at 10:53 by neko

yaknow i dont trust utorrent anymore - as soon as bram got involved and bought that thing up all hope of ever opening that source died. and lets all remember how lame his python client was ~_~

38 Feb 02, 2008 at 15:36 by anon

if i see that fucking whine one more time…

utorrent was closed source from the beginning.
there has been no proof of utorrent reporting sensitive data to riaa/mpaa/whatever/cocks.
you’ve had your brain fried from all the heat building up under that tinfoil hat.

39 Feb 08, 2008 at 16:06 by Anonymous

Calm down girls.

40 Feb 17, 2008 at 02:30 by stormie

Isnt utorrent associated with mpaa/riaa even their site used to redirect to mpa/riaa site wahtever lol. I’m still confused with this, stuck with version 1.6 cause no one messed with it, then after 161 I thought i heard riaa was helping utorrent late version so hm.

41 Apr 28, 2008 at 07:09 by Jack

TO ALL DOWNLOADERS….!!!!
I am a debut artist who’s just recorded one of the most expensive debut albums in recent history.

We have just released my debut album as a FREE HQ Mp3 download.

It was a tough decision for us to make because of the vast amounts spent on the album. We had two of the biggest record producers in the world work on it…. at Peter Gabriel’s Realworld studio and at Abbey Road studio in london.

Despite all that, we recognise the massive potential the internet and free albums in particular offers. We launched last friday and have already had 1000’s of DL’s all over the world.

Come over and download for FREE.. it takes 2 minutes to DL because we have a dedicated server.

http://www.jackrubinacci.com
Thanks
Jack

Pages: « 1 [2] Show All

Responses are closed

All remaining responses will continue to be archived. Use the TorrentFreak forums if you want to discuss something.