A New Vulnerability Discovered in μTorrent

Cheryl
Aug 17, 2008
Updated • Dec 2, 2012
File Sharing, Security
|
10

As far as file-sharing protocols go, BitTorrent has emerged as one of the leading P2P technologies being used. μTorrent is one of the most popular BitTorrent apps around, largely because of its small size and ease of use. While μTorrent used to be an independent client, it has since been taken over by BitTorrent Inc. which has partnerships with almost all the major movie networks.

μTorrent has recently been found to contain a very serious security vulnerability. Apparently, there is a boundary error in the processing of ‘.torrent' files, which can be exploited to cause a stack-based buffer overflow.

What this means is that someone can create a malicious torrent file and place his or her own code in the ‘created by' section of the torrent. This code may be harmless or something serious like allowing the hacker access to the machine that runs the .torrent file.

Older versions of μTorrent do not limit the amount of data that can be present in the ‘created by' section of a torrent file so this problem exists in all μTorrent version prior to 1.8. All users are requested to download μTorrent 1.8 Release Candidate 7, which has been patched to fix this problem.

While the security vulnerability sounds serious enough, I'm a little skeptical of how dangerous it actually is. A user would have to intentionally download a corrupt torrent file and run it. Plus, indexing sites list torrent contents including the creator of the torrent so you can easily avoid files that look suspicious.

Personally, I think this is another way for BitTorrent Inc. to convince users of old versions of μTorrent to upgrade to the newer one. Considering their links with the movie industry, it doesn't sound so far-fetched.

Would you upgrade to the newest version of μTorrent? I'm using version 1.6 myself, which is the last version released before BitTorrent Inc. took over. Should I upgrade or stay with my old version? Let me know in the comments.

Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Taomyn said on September 4, 2013 at 9:46 am
    Reply

    And for those looking for a decent alternative that’s free and free from ads plus other crap (though I would recommend donating), then try qBittorrent: http://www.qbittorrent.org/

  2. zondron said on September 4, 2013 at 10:10 am
    Reply

    Why not use the portable version of uTorrent?

    Just downlad the .exe from official website into a folder, create a text file in the same folder, rename the .txt file to settings.dat and start uTorrent. You can move the folder anywhere.

    1. Coyote said on September 4, 2013 at 3:03 pm
      Reply

      ^Exactly…. in fact I would recommend avoiding all versions over 2.0, the torrent portion of the program hardly changed, it’s all the ads, ratings, and possible tracking features that require all the additional installs.

      And this is why I never updated in a nutshell;

      “Ads
      More Ads (hit decline offer)
      Even more ads (hit decline)”

      Nope. I donated $25 several years ago to the utorrent crew.. possibly a decade… so I refuse to accept their reasoning for selling out so much.

      1. zondonr said on September 4, 2013 at 4:16 pm
        Reply

        You can turn off the ads.

  3. Paul said on September 4, 2013 at 3:18 pm
    Reply

    qBittorrent FTW!

  4. anon said on September 4, 2013 at 3:42 pm
    Reply

    Qbittorrent your way out of this piece of crap.

  5. Dukislav said on September 4, 2013 at 5:45 pm
    Reply

    +1 for Qbittorrent

  6. Blue.bsod said on September 4, 2013 at 6:25 pm
    Reply

    I’m a long long time user of Bitcomet now and forever. Never any ads, no offers, nothing to decline, no sell out… little used due to the complex nature they still scare people away with, but their new install is a simple one click solution that discovers all settings on its own except firewalls.

    They follow a simple idea…’share’… if you share you can possibly go faster than those who don’t share. You can even see connections* connected to you and of them who is sharing and who isn’t… then you can boot them / ban them or ignore them selectively ‘mwahahaha…’. We can set how much we share, with who, and how fast we share.

    *in my personal experience over 95% of Azures and uTorrent users do not share, I boot them.

    So those who believe Bitcomet is hard to understand, they haven’t been that since version 1.09a (current public release 1.35). Also Bitcomet installs a Firefox add-on to capture media from the temp directory. You can easily unload it using Firefox’s Add-on Options page.

    Bottomline, Bitcomet is faster and easier to install/use. Signing up as a registered user will allow you to join the ranks as a sharing user. The more you share, the faster you can possibly go.

  7. suc said on July 19, 2014 at 7:21 pm
    Reply

    utorrent installs itself in appdata folder so it can inject malware without the UAC consent. Don’t use utorrent because it’s unsafe!

  8. uTP said on December 8, 2015 at 10:47 am
    Reply

    The best last version of utorrent is 2.2.1 build 25534

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.