Slashdot Mirror


uTorrent Client Affected by Some Pretty Severe Security Flaws (bleepingcomputer.com)

A Google security researcher has found multiple security flaws affecting the uTorrent web and desktop client that allow an attacker to infect a victim with malware or collect data on the users' past downloads, reports BleepingComputer. From the report: The vulnerabilities have been discovered by Google Project Zero security researcher Tavis Ormandy, and they impact uTorrent Web, a new web-based version of the uTorrent BitTorrent client, and uTorrent Classic, the old uTorrent client that most people know. Ormandy says that both uTorrent clients are exposing an RPC server -- on port 10000 (uTorrent Classic) and 19575 (uTorrent Web). The expert says that attackers can hide commands inside web pages that interact with this open RPC server. The attacker only needs to trick a user with a vulnerable uTorrent client to access a malicious web page. Furthermore, the uTorrent clients are also vulnerable to DNS rebinding -- a vulnerability that allows the attacker to legitimize his requests to the RPC server.

3 of 95 comments

  1. Who still uses it? by Anonymous Coward · Score: 2, Insightful

    I thought people stopped using it once it started showing advertisements?

    1. Re:Who still uses it? by Anonymous Coward · Score: 2, Insightful

      I still use the old v2.x uTorrent. The article doesn't state which versions are vulnerable, but I doubt mine is because it's from before they started piling on a bunch of worthless bloatware "features".

  2. Use qBittorrent by Jahoda · Score: 4, Insightful

    uBittorent was nerfed and winamped years ago. qBittorrent has taken its place as lightweight, clean, and reliable.