Cyber Security

μTorrent software flaw allows hackers to control your PC remotely


If you are a μTorrent user on the Microsoft Windows Platform, it is advised that you download it’s latest version as soon as possible.

A security researcher from Google’s Project Zero discovered a form of remote code execution vulnerability in both desktop and web browser app of the μTorrent client.

Project Zero researcher Tavis Ormandy found that several issues that could allow remote attackers to exploit the torrent download software.

According to Ormandy, uTorrent apps are vulnerable to “domain name system rebinding”. It isa a hacking technique that could allow malicious websites to execute malicious code on user’s computer remotely.

To execute a DNS rebinding attack, the attacker just needs to create a simple malicious website with a DNS name that resolves to the local IP address of the computer running a vulnerable uTorrent app.

“This requires some simple DNS rebinding to attack remotely, but once you have the secret you can just change the directory torrents are saved to, and then download any file anywhere writable,” explained Ormandy.

He reported the issues of the uTorrent client in November 2017 with a 90-days disclosure deadline, and a patch was made public on Tuesday—that’s almost 80 days after the initial disclosure but the re-issued new security patches the same day were ineffective as Ormandy found that the exploits continued to work successfully with just a few small tweaks.

“This issue is still exploitable,” Ormandy said. “The vulnerability is now public because a patch is available, and BitTorrent have already exhausted their 90 days anyway.”

“I see no other option for affected users but to stop using uTorrent Web and contact BitTorrent and request a comprehensive patch.”


On the other hand, BitTorrent assured it’s users that all vulnerabilities had been addressed with the the following releases:

  • μTorrent Stable
  • BitTorrent Stable
  • μTorrent Beta
  • μTorrent Web
Ira James
Editor-in-chief | Tech Journalist | AMD Ryzen and AOC Gaming influencer | PC Hardware Enthusiast |

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.