Project Zero, an initiative by Google researchers looking for security holes in third-party software, has just revealed a new breach in the uTorrent application, one of the most popular torrent clients on the web.
Details of the crash have not yet been released for security reasons. But according to TorrentFreak information, engineer Tavis Ormandy informed BitTorrent Inc, the company that manages uTorrent, about the failure last November.
As usual, Ormandy explained how the failure works and what are the possible ways to exploit it. The researcher then gave BitTorrent a 90-day deadline to correct the problem in the application or to release a notice about it to users.
As TorrentFreak explains, the deadline is running out, but BitTorrent promises that a fix will be released as an update later this week. The patch would have already been reviewed by Ormandy, who confirmed the upgrade’s effectiveness.
BitTorrent says it will only reveal more details about the crash when most users already have the fix installed on their uTorrent versions. But it’s possible that the problem has to do with the app’s remote control feature.
Last year, Google’s Project Zero revealed a security breach in the Transmission app. At the time, the researchers said more torrent clients had similar faults linked to the remote control system.
The system allows the user to access their uTorrent download list by the browser in sync with the version of the program installed on the PC. So it may be wise to leave this feature off, at least until the app is updated.
Anyone who wants to get ahead, can download the beta of uTorrent, which already has the bug fixed.