BitTorrent users beware: Flaw lets hackers control your computer

by
Dan Goodin
from Ars Technica - All content on (#3DCAW)
transmission-poc-800x342.png

Enlarge (credit: Tavis Ormandy)

There's a critical weakness in the widely used Transmission BitTorrent app that allows websites to execute malicious code on some users' computers. That's according to a researcher with Google's Project Zero vulnerability reporting team, who also warns that other BitTorrent clients are likely similarly susceptible.

Researcher Tavis Ormandy published the proof-of-concept attack code last week, along with a detailed description of the underlying vulnerability it exploited. Normally, Project Zero withholds publication of such details for 90 days or until the developer has released a fix. In this case, however, Ormandy's private report to Transmission included a patch that completely fixed the vulnerability. The researcher went ahead and disclosed the vulnerability last Tuesday-only 40 days after the initial report-because Transmission developers had yet to apply it. Ormandy said the publication would allow Ubuntu and other downstream projects to independently install the fix.

"I'm finding it frustrating that the Transmission developers are not responding on their private security list," Ormandy wrote in Tuesday's public report. "I suggested moving this into the open so that distributions can apply the patch independently."

Read 7 remaining paragraphs | Comments

index?i=bUC6LLeBTCQ:1pOGvX3-RgU:V_sGLiPB index?i=bUC6LLeBTCQ:1pOGvX3-RgU:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments