As far as file-sharing protocols go, BitTorrent has emerged as one of the leading P2P technologies being used. μTorrent is one of the most popular BitTorrent apps around, largely because of its small size and ease of use. While μTorrent used to be an independent client, it has since been taken over by BitTorrent Inc. which has partnerships with almost all the major movie networks.
μTorrent has recently been found to contain a very serious security vulnerability. Apparently, there is a boundary error in the processing of ‘.torrent' files, which can be exploited to cause a stack-based buffer overflow.
What this means is that someone can create a malicious torrent file and place his or her own code in the ‘created by' section of the torrent. This code may be harmless or something serious like allowing the hacker access to the machine that runs the .torrent file.
Older versions of μTorrent do not limit the amount of data that can be present in the ‘created by' section of a torrent file so this problem exists in all μTorrent version prior to 1.8. All users are requested to download μTorrent 1.8 Release Candidate 7, which has been patched to fix this problem.
While the security vulnerability sounds serious enough, I'm a little skeptical of how dangerous it actually is. A user would have to intentionally download a corrupt torrent file and run it. Plus, indexing sites list torrent contents including the creator of the torrent so you can easily avoid files that look suspicious.
Personally, I think this is another way for BitTorrent Inc. to convince users of old versions of μTorrent to upgrade to the newer one. Considering their links with the movie industry, it doesn't sound so far-fetched.
Would you upgrade to the newest version of μTorrent? I'm using version 1.6 myself, which is the last version released before BitTorrent Inc. took over. Should I upgrade or stay with my old version? Let me know in the comments.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.