µTorrent Discreetly Patches Old Vulnerability

Without any trumpet blast, the popular BitTorrent client µTorrent has fixed a vulnerability that was allowing hackers to load malware onto the computers of file-sharers simply by luring them into opening a compromised Torrent.

The vulnerability in question received confirmation in version 1.7.7 of µTorrent. It’s possible that earlier versions are affected as well. We first learnt about the bug from a posting by Rhys Kidd. According to him the flaw had been a “resident” of the software as a zero-day vulnerability for the last two years.

Note: BitTorrent Mainline version six and beyond are also vulnerable because BitTorrent, Incemploys µTorrent source code, Kidd says. The two software packages account for more than 18.8 % of the installed P2P client base, which, as anyone can realize, translates into large range for scammers.

However, it’s good to know that the latest version of µTorrent, released earlier this month, solves this problem though release notes “forget” to say anything about it. Secunia, a security notification service, says that version 1.8 RC7 of the application dealt with the flaw and discreetly patched it. A similar patching is expected from BitTorrent which for the time being remains vulnerable in this respect.