uTorrent users are at risk and updating won’t help (for now)

- February 28, 2018
- Updated: July 2, 2025 at 6:38 AM

A series of serious security flaws has been discovered in the web and desktop versions of uTorrent. These flaws may allow an attacker to infect victims with malware or to collect their data.
The flaws were discovered by Project Zero, Google’s security group that scans the most relevant websites and programs for errors. More specifically, they were found by Tavis Ormandy, one of its members.
The bug in question is easy to exploit. In the case of the web client, for example, it’s enough to trick the user into accessing a specific page that helps the hacker get the server’s secret authentication key. With this key, the attacker controls the server and with it, the victim’s uTorrent.
Project Zero’s policy is to give those in charge of the affected program a grace period of 90 days before making the problem public. In theory, this process allows many flaws to be resolved before the user has to worry about them.
Sometimes, the error is so difficult to sort out that the grace period ends and Project Zero decides to reveal the problem. This happened a few days ago with Microsoft, for example.
If you’re curious, Ormandy has created two pages that emulate an attack on the uTorrent web version and the uTorrent desktop version. Keep in mind that if you start the demo, your uTorrent will pause. So, you won’t be at risk.
BitTorrent, the company behind uTorrent, has released a fix in the beta of the uTorrent desktop version. The problem is that, according to Ormandy, this fix isn’t suitable and doesn’t resolve the entire bug. BitTorrent disagrees and will move this fix to the regular version in a few days.
Here’s his tweet, complaining about it:
Hmm, it looks like BitTorrent just added a second token to uTorrent Web. That does not solve the DNS rebinding issue, it just broke my exploit.
— Tavis Ormandy (@taviso) February 20, 2018
There are still no patches for the web version, so you should avoid it until further notice.
Until it’s clear whether the problem in uTorrent for desktop has been solved, and until uTorrent for web is fixed too, it’s best you don’t risk it and avoid those pages. Just a friendly warning…
If you use uTorrent regularly and you’re worried about getting infected, we recommend you install a leading antivirus program such as those recommended here:
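The tweet's point about tokens is that a DNS-rebound page is same-origin with the local server, so it can read any token the server hands out; a common mitigation is for the server to reject requests whose Host header is not a loopback name. The sketch below is an added example, not BitTorrent's fix or code from uTorrent; the names `ALLOWED_NAMES`, `host_is_local`, `LocalOnlyHandler` and port 8080 are assumptions.

```python
# Added example: Host-header allowlisting for a loopback-only HTTP service.
# All names and the port are hypothetical, not taken from uTorrent.
from http.server import BaseHTTPRequestHandler, HTTPServer

ALLOWED_NAMES = {"localhost", "127.0.0.1", "[::1]"}


def host_is_local(host_header, port):
    """Return True only if the Host header names this loopback service.

    With DNS rebinding the browser connects to 127.0.0.1 but still sends
    the attacker's hostname in Host, so an exact-match allowlist rejects it.
    """
    if not host_header:
        return False
    host = host_header.strip().lower()
    if host.startswith("["):
        # Bracketed IPv6 literal: the port, if any, follows the "]".
        name, _, rest = host.partition("]")
        name += "]"
        if rest and not rest.startswith(":"):
            return False
        req_port = rest[1:]
    else:
        name, _, req_port = host.partition(":")
    if req_port and req_port != str(port):
        return False
    return name in ALLOWED_NAMES


class LocalOnlyHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        port = self.server.server_address[1]
        # Check Host before any token or session logic runs.
        if not host_is_local(self.headers.get("Host"), port):
            self.send_error(403, "Host not allowed")
            return
        body = b"ok\n"
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), LocalOnlyHandler).serve_forever()
```

The check is an exact match on the hostname, so a lookalike such as `localhost.attacker.example` is rejected as well.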
Sources: ADSLZone, Genbeta, ComputerHoy
Latest from Daniel Caceres