A New Vulnerability Discovered in Î¼Torrent
As far as file-sharing protocols go, BitTorrent has emerged as one of the leading P2P technologies being used. Î¼Torrent is one of the most popular BitTorrent apps around, largely because of its small size and ease of use. While Î¼Torrent used to be an independent client, it has since been taken over by BitTorrent Inc. which has partnerships with almost all the major movie networks.
Î¼Torrent has recently been found to contain a very serious security vulnerability. Apparently, there is a boundary error in the processing of â€˜.torrent' files, which can be exploited to cause a stack-based buffer overflow.
What this means is that someone can create a malicious torrent file and place his or her own code in the â€˜created by' section of the torrent. This code may be harmless or something serious like allowing the hacker access to the machine that runs the .torrent file.
Older versions of Î¼Torrent do not limit the amount of data that can be present in the â€˜created by' section of a torrent file so this problem exists in all Î¼Torrent version prior to 1.8. All users are requested to download Î¼Torrent 1.8 Release Candidate 7, which has been patched to fix this problem.
While the security vulnerability sounds serious enough, I'm a little skeptical of how dangerous it actually is. A user would have to intentionally download a corrupt torrent file and run it. Plus, indexing sites list torrent contents including the creator of the torrent so you can easily avoid files that look suspicious.
Personally, I think this is another way for BitTorrent Inc. to convince users of old versions of Î¼Torrent to upgrade to the newer one. Considering their links with the movie industry, it doesn't sound so far-fetched.
Would you upgrade to the newest version of Î¼Torrent? I'm using version 1.6 myself, which is the last version released before BitTorrent Inc. took over. Should I upgrade or stay with my old version? Let me know in the comments.Advertisement