Despite the fact that the popularity of streaming websites is growing at a fast pace, BitTorrent stays a greatest source of entertainment content material source for a large chunk of humans the use of the internet. With the help of tons of famous torrent websites (there are some completely legal ones as properly) and BitTorrent clients, people download content.
A latest critical vulnerability spotted by using Google’s project zero team goals the famous Transmission BitTorrent app. by using exploiting this flaw, a hacker can execute malicious code at the users’ laptop, according to Ars Technica.
Last week, the project zero researchers posted the evidence-of-concept attack code. It’s well worth noting that project zero usually refrains itself from making the details of such flaws public for ninety days or until the fix is released. however, in this situation, the flaw became made public best 40 days after the initial report.
This occurred due to the fact the report included a patch to fix the vulnerability but Transmission developers didn’t respond on their private security mailing listing. After the public launch of the flaw, the downstream projects the usage of the Transmission project would be able to inculcate the patch of their implementations.
With the help of a hacking technique referred to as domain name system rebinding, this exploit can manage the Transmission interface while the goal visits a malicious website. this will be further made simpler by using developing a DNS name which attacker is authorized to communicate with. After controlling the Transmission interface, the attacker needs to change the torrent download directory to home and download a torrent named .bashrc.
The attacker also can configure Transmission to run any command after the download has completed. The Transmission developers have promised to release the fix as soon as feasible. however, no specific date was given.