New uTorrent Bugs Allow Websites to Spy On Your Computer, Run Malicious Code

Feb. 21, 2018

Anyone using torrents to download files has knowingly or unknowinglyaccepted the security risks that come with it. Even websites hosting torrent links can hurt you, not just bad torrent clients with adware or corrupted files. But when one of the internet’s most popular torrent download client is compromised, it could turn into a crisis.

Google Project Zero researcher Tavis Ormandy discovered bugs inuTorrentthatallows websites to control, access, and spy on your computers.

Ormandy found two different versions of uTorrent vulnerable to a number of easy-to-exploit vulnerabilities whichallow attackers to run codes, access download files, and read the download histories of the user. According to Project Zero, the vulnerabilities have been discovered in both the Windows app and the web version of uTorrent.ArsTechnica

One thing to note here is that the vulnerabilities themselves don’t do anything, rather they provide websites a chance to exploit security gaps anddownload malicious code into Windows startup folderwhich will run when you boot up the PC. Once the code is executed, websites can easily access downloaded files and browse download history easily.

Since the vulnerabilities can only be exploited if you visit malicious websites, even if you are using uTorrent, if you have kept your visits restricted to safe websites, your download data might still be safe.