Although we haven’t been able to confirm it, we assume that uTorrent web is supported on the iPad as well. “While µTorrent Web is currently only available as part of our experimental Project Falcon software, we continue to fill out the feature set prior to a large-scale rollout,” So, in a continued effort to make our products more accessible we are introducing µTorrent Web for iPhone,” says Simon Morris, BitTorrent’s VP of Product Management.
“In our ever-connected world, users want the ability to control their torrents on the go anytime, anywhere. A few weeks ago the uTorrent ‘web’ feature opened up to the public and today the team announced that support for the iPhone has been added. Among other things, it allows users to access their downloads from anywhere through a secure web interface. Users are now being directed by BitTorrent to version 3.2 or higher of the desktop app and version 0.12.0.502 and higher of the web app.The Falcon release is one of the main pillars for uTorrent’s future. The patch involves adding a second authentication token to the web browser, although Ormandy claims this does not fix the DNS rebinding issue: “The nature of the exploit is such that an attacker could craft a URL that would cause actions to trigger in the client without the user’s consent (e.g. An official update will be issued in the coming days, according to the company.ĭave Rees, BitTorrent's vice president of engineering, said: “All users will be updated with the fix automatically over the following days. The vulnerability is now fixed, according to BitTorrent, which has now issued a patch in a beta release. “This requires some simple DNS rebinding to attack remotely, but once you have the secret you can just change the directory torrents are saved to, and then download any file anywhere writable.” In his proof of concept write-up, Ormandy said: “You can just fetch the secret and gain complete control of the service. He reported his findings to uTorrent’s parent company, BitTorrent, last year, but went public this week after the file-sharing service surpassed its 90-day patch deadline. The vulnerabilities were found by Google Project Zero researcher Tavis Ormandy back in November. exe file into the computer’s startup folder, which would then run malware when the system was rebooted.
These commands include reading and copying torrents and downloads.Īnother flaw meant that hackers could download an arbitrary. JavaScript in a malicious web page can hijack the victim’s router, resulting in a DNS rebinding attack, forcing the hacker’s commands in the desktop app. The flaw was related to uTorrent’s remote feature for Windows, which gives users the option to manage torrents from a browser on another device. UTorrent users are being urged to update their apps after a bug left them open to remote code execution. Torrent client issues patch for RCE vulnerability that allows hackers to take full control of users’ devices.
0 kommentar(er)
