A BitTorrent malfunction could allow hackers to take control of Windows and Linux computers

[Garrix -™]

Google Project Zero has uncovered a "critical malfunction" in the BitTorrent Transmission application, which could provide cyber-criminals with complete control over their users' computers.
 
According to Project Zero, the client is vulnerable to a DNS re-binding attack that hinders the PC from accepting requests through port 9091 from malicious sites that should be routinely ignored.
 
The malfunction can allow hackers to perform all sorts of attacks, including remote code execution, and works in both Chrome and Firefox on Windows and Linux PCs. Other browsers are almost certainly vulnerable.
 
Writing on Twitter, Tavis Ormandy argued that "this is the first of the few code execution failures in different po[CENSORED]r torrent clients." Prior to publishing details about the attack, Google Project Zero brought the issue to the knowledge of Transmission, which launched a patch.
 
The publication of the details of the attack seems to have made developers rush to launch a patch, but it has not been applied to all software programs that use the Transmission protocol, Ormandy warned.
 
Transmission is one of many BitTorrent peer-to-peer file sharing clients.
 
Rather than a centralized hub-and-spoke system for file and data sharing, shared files are decentralized, but published through software that uses the protocol. If anyone in the network wants a file, it is downloaded in "pieces" from a source or from multiple sources.
 
Peer-to-peer file sharing, however, has gained a reputation as a distribution mechanism for pirate software, television shows and movies.
 
The protocol is also used for many legitimate file sharing purposes, such as software and other downloads from legitimate providers, to reduce network demand that more centrally distributed distribution systems can cause.
 
Source:  www.theinquirer.net