Jump to content
🎅🎄 Signup today to get free TorrentLeech or ProAudioTorrents Invite! Get access to premium trackers, free seedboxes by signing up. Buy, Trade, Sell Or Find Free Invites for HDBits, PTP, Empornium, PrivateHD, Sinderella, etc 🎅🎄 ×

Flaw in Popular μTorrent Software Lets Hackers Control Your PC Remotely - Piracy News and Crypto Updates - InviteHawk - Your Only Source for Free Torrent Invites

Buy, Sell, Trade or Find Free Torrent Invites for Private Torrent Trackers Such As redacted, blutopia, losslessclub, femdomcult, filelist, Chdbits, Uhdbits, empornium, iptorrents, hdbits, gazellegames, animebytes, privatehd, myspleen, torrentleech, morethantv, bibliotik, alpharatio, blady, passthepopcorn, brokenstones, pornbay, cgpeers, cinemageddon, broadcasthenet, learnbits, torrentseeds, beyondhd, cinemaz, u2.dmhy, Karagarga, PTerclub, Nyaa.si, Polishtracker etc.

Sponsored Seedbox | VPN
Request Free IPTV Trial

Flaw in Popular μTorrent Software Lets Hackers Control Your PC Remotely

Archiee

By Archiee,
in Piracy News and Crypto Updates

 Share

Recommended Posts

Archiee Invite King

Archiee

torrent-download-software.png

If you have installed world's most popular torrent download software, μTorrent, then you should download its latest version for Windows as soon as possible.
Google's security researcher at Project Zero discovered a serious remote code execution vulnerability in both the 'μTorrent desktop app for Windows' and newly launched 'μTorrent Web' that allows users to download and stream torrents directly into their web browser.
μTorrent Classic and μTorrent Web apps run in the background on the Windows machine and start a locally hosted HTTP RPC server on ports 10000 and 19575, respectively, using which users can access its interfaces over any web browser.

 
However, Project Zero researcher Tavis Ormandy found that several issues with these RPC servers could allow remote attackers to take control of the torrent download software with little user interaction.
According to Ormandy, uTorrent apps are vulnerable to a hacking technique called the "domain name system rebinding" that could allow any malicious website a user visits to execute malicious code on user's computer remotely.
torrent-download-software
To execute DNS rebinding attack, one can simply create a malicious website with a DNS name that resolves to the local IP address of the computer running a vulnerable uTorrent app.
"This requires some simple DNS rebinding to attack remotely, but once you have the secret you can just change the directory torrents are saved to, and then download any file anywhere writable," Ormandy explained.
Proof-of-Concept Exploits for uTorrent Software Released Publicly
torrent-download-software
Ormandy also provided proof-of-concept exploits for μTorrent Web and μTorrent desktop (1 and 2), which are capable of passing malicious commands through the domain in order to get them to execute on the targeted computer.
Last month, Ormandy demonstrated same attack technique against the Transmission BitTorrent app.

 
Ormandy reported BitTorrent of the issues with the uTorrent client in November 2017 with a 90-days disclosure deadline, but a patch was made public on Tuesday—that's almost 80 days after the initial disclosure.
What's more? The re-issued new security patches the same day after Ormandy found that his exploits continued to work successfully in the default configuration with a small tweak.
"This issue is still exploitable," Ormandy said. "The vulnerability is now public because a patch is available, and BitTorrent have already exhausted their 90 days anyway." 
"I see no other option for affected users but to stop using uTorrent Web and contact BitTorrent and request a comprehensive patch."
Patch your uTorrent Software NOW!
The company assured its users that all vulnerabilities reported by Ormandy it two of its products had been addressed with the release of:
μTorrent Stable 3.5.3.44358
BitTorrent Stable 7.10.3.44359
μTorrent Beta 3.5.3.44352
μTorrent Web 0.12.0.502
All users are urged to update their software immediately.

Link to comment
Share on other sites
The last post in this topic was made more than 14 days ago. Only post in this topic if you have something valuable to add. Irrelevant posts are not allowed and you will be warned/banned for spamming old topics.

Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Customer Reviews

    lazytime77
    Wow! This is my first time buying an invite from J.Stash (and on InviteHawk) and I am very happy with the results. This is 100% the real deal. I'll keep coming back for more. Thank you so much for putting this site up. This place is a gem!
    GlitterBow6
    An excellent experience from start to finish! J.Stash was very knowledgeable and responsive throughout the entire process. What's more, J.Stash was highly professional and courteous, always taking time to answer any questions that I had. I greatly recommend this seller and would definitely purchase from J.Stash again!!
    goon64
    J.Stash has my full recommendation. It's rare to work with a seller who possesses and demonstrates not just integrity and quick delivery, but Ethan also went above and beyond when there were issues with the product (not his fault at all). Thank you J.Stash.
    insomniac
    Purchased an invite from J.Stash, the seller was very professional and fast with their turn around times. The price was amazing and the whole site is absolutely amazing. will definitely purchase more from him. I have been searching for an invite for this website for many months and J.Stash solved my request faster than lightning.
    ChocoPie
    Bought Crunchyroll Premium upgrade from J.Stash It works, my account is now premium and I have access to all the shows! Thanks a lot J.Stash for having this wonderful service among many other amazing services in your portfolio! Highly recommend purchasing from J.Stash! This is one of the many successful orders he has processed for me!
    ChocoPie
    Registered an account on InviteHawk and placed an order for 6 different trackers with J.Stash Got all of them delivered in less than 60 mins! How does he do it? 🙂 He is brilliantly fast! Absolutely love his service and communication efforts! Thanks J.Stash! You rock 🙂 This has been by far the best experience I have ever had buying invites for private trackers.
    capri28790
    Everything went just perfect. He makes me a very good impression both as person and as professional seller. Glad I found this site and met him virtually here. I wish I could spread the word about, but since this is not quit a good idea, I just want to share with other users here my best appreciations regarding J.Stash. Highly recommended: good communication, safe shop, fast delivery.
    BUTTHEADBILL
    Purchased a Spotify upgrade through him and used bitcoin and found the entire experience to be great. I am a total newbie to this site. And I wasn't sure what to expect. I am so amazed at how fast this was handled and how great everything went.
    renascor
    In all my years of finding affordable services throughout the web, I have found no provider more responsive, more committed to excellent customer service, or more accountable to keeping to the terms of the services being obtained. When something stops working, the issues are addressed ASAP. When any questions arrive, they are responded to promptly. When situations arrive post service rendered even months down the road, J.Stash has your back to help navigate through them. Highly recommended.
    flipsie
    Bought a VIP access to the forum and got exactly what I wanted+more within reasonable time! Second time buying from J.Stash and my experience was exceptional, like last time. Would definitely buy from him again in there near future.

  • Similar Topics

×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept