uTorrent patches application against DLL vulnerability
- 30 August, 2010 04:31
The developers of the uTorrent file-sharing application have released an updated version that fixes a problem that could allow an attacker to load malicious code onto a user's computer.
The problem, known as DLL (dynamic link library) load hijacking, affects dozens of commonly used Windows applications. The flaw can allow an attacker to trick an application into downloading what it thinks is a DLL but actually is a malicious file. A DLL is a piece of code that can be used by more than one application.
The issue affects more than 40 applications including the Safari and Firefox browsers, many Microsoft and Adobe Systems applications and others including Skype and uTorrent.
UTorrent version 2.0.4 fixes the problem, although the company behind the application, BitTorrent, said that no attacks have been reported despite a working exploit.
"The new client disables loading of DLLs from the current working directory and prevents this exploit from functioning," according to the posting. "We take our users' security very seriously, and we sincerely apologize for any inconvenience."
The DLL problem isn't specific to the Windows OS, and Microsoft can't issue a patch that makes all of the applications safe. Application developers and companies need to develop their own specific patches.
UTorrent is a free BitTorrent client application that manages the downloading of content from the peer-to-peer system, which uses small information files called torrent to coordinate downloads.
Send news tips and comments to firstname.lastname@example.org