Project Zero researcher Tavis Ormandy found a serious remote code execution vulnerability in both the ‘..Torrent desktop app for Windows’ and newly launched ‘muTorrent Web’ that allows users to download and stream torrents directly into their web browser. The vulnerability is now public because a patch is available, and BitTorrent have already exhausted their 90 days anyway. BitTorrent re-issued new security patches the same day after the researcher found his exploits continued to work successfully in the default configuration with a small tweak.
Source: https://thehackernews.com/2018/02/torrent-download-software.html