uTorrent vulnerability allows hackers to inject malware

Post by learning » Tue Mar 06, 2018 4:50 pm

Google Project Zero's Tavis Ormandy discovered vulnerabilities in uTorrent desktop and web apps that could allow attackers to inject malware or fetch data on previous downloads.

The security researcher revealed that attacks can make their way from malicious websites and through easily surmountable HTTP RPC servers - created by default on port 10000 by uTorrent Classic and port 19575 by uTorrent Web - to infect a target PC with malware or gain access to download history. It seems the 8-byte secret that is meant to protect the RPC servers from remote attacks is easily compromised, and once that is done, the way to the device using the client is laid bare.

How To Fix:

Most websites recommend "upgrading" to the latest version of uTorrent. However, if you are experienced with filesharing and uTorrent, then you know the unfortunate direction uTorrent has taken. In my opinion, the latest "upgrades" of uTorrent are definite "downgrades". So, you can stick with your older version. Just block the vulnerable ports in your firewall.

In the 'Global Rules' section of your firewall, set rules to block tcp/udp in/out for the port 10000, creating two separate rules for source and destination port. Then, do the same for 19575.

After you have created these four separate rules, then prioritize them by moving them up the list of rules to the top in the 'Global Rules' section. In firewalls, the rules at the top are higher priority and take effect before the rules at the bottom.

If the firewall fix is too troublesome, then simply "upgrade" to the latest version of uTorrent (Lord, help you).

Here is how to fix the problem:
https://www.iphonefirmware.com/utorrent ... e-problem/

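A loopback check for the two ports named in the post, for confirming after the firewall change whether the RPC listeners can still be reached from the local machine. This is an added example, not part of the original post; the function names and the open/closed/filtered labels are assumptions of this example.

```python
import socket

# Ports named in the post: uTorrent Classic (10000) and uTorrent Web (19575).
UTORRENT_RPC_PORTS = {10000: "uTorrent Classic", 19575: "uTorrent Web"}


def port_state(host, port, timeout=1.0):
    """Return 'open', 'closed' or 'filtered' for a TCP port.

    open     - something accepted the connection (listener reachable)
    closed   - connection refused (nothing listening, or a reject rule)
    filtered - no answer before the timeout, or another network error
               (typical of a rule that silently drops packets)
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes socket.timeout
        return "filtered"
    finally:
        s.close()


def audit(host="127.0.0.1", ports=UTORRENT_RPC_PORTS, timeout=1.0):
    """Map each port to (label, state) so the result can be logged or asserted."""
    return {p: (label, port_state(host, p, timeout)) for p, label in ports.items()}


def still_exposed(results):
    """Ports whose listener is still reachable despite the block rules."""
    return sorted(p for p, (_, state) in results.items() if state == "open")


if __name__ == "__main__":
    results = audit()
    for port, (label, state) in sorted(results.items()):
        print(f"127.0.0.1:{port:<5} {label:<16} {state}")
    if still_exposed(results):
        print("Listener still reachable on loopback; the rules do not cover it.")
```

Run it once before and once after adding the rules, with the client running, and compare the two outputs.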