There was a serious security flaw in the qBittorrent program years ago; update

File download client qBittorrent It had a serious flaw that made it susceptible to attacks from cybercriminals and even remote code execution. The information comes from Sharp Security, a cybersecurity company that discovered the problem and alerted the company’s developers.

space affected versions 3.2.1 – 5.0.0 program. In practice this means: 14 years passed between the update that caused the problem and its fix. At least there is no information in the report that it has been exploited by cybercriminals.

The fault was: How qBittorrent works digital certificates. Following an update to the program, it began accepting certificates without analysis or criteria; which means: False, illegal or expired requests can bypass the download manager’s security barriers your platform.

In this way, the program allowed everything from injecting malicious scripts to remote code execution. Attackers can use these old or expired authorizations to upload malware executables to multiple channelsvia URLs and RSS feeds in the browser.

As an example of client-provided vulnerability to users’ computers, Sharp Security team was able to open the Calculator app From a command sent via qBittorrent. This method used in cybercrime may involve the forced download and execution of malware.

Update released and fixed the bug

qBittorrent 5.0.1 update completely fixes this loophole and starts verifying the certificates in the program. This means It is strongly recommended to update it as soon as possible For all users, even if you use the program very little.

Although they fixed the flaw after the warning, the developers were still criticized in the report.

The update was sent to users without further informationAlthough it is so important, and without assigning a data vulnerabilities and exposure (CVE) code In the industry’s most popular database that can help with other services and products.