Tor is a web browser that allows users to browse the internet anonymously by keeping their IP hidden. This is perfect for privacy conscious users. However, if you are accessing Tor via a Mac or Linux, then you need to familiarize yourself with a serious Tor vulnerability that could compromise your anonymity.
We Are Segment security firm CEO Filippo Cavallarin announced that the firm discovered a Tor vulnerability that could lead to leakage of users real IPs. The vulnerability is called TorMoil.
The company didn’t disclose the vulnerability yet, following Responsible Disclosure Principles, waiting for a proper fix to be available first.
Due to a Firefox bug in handling file:// URLs it is possible on both systems that users leak their IP address. Once an affected user navigates to a specially crafted web page, the operating system may directly connect to the remote host, bypassing Tor Browser
If you are one of those people that rely on Tor Browser to safely browse the Internet, the message is just one: keep your Tor Browser updated!
HackRead reported that Tor officials released to following announcement regarding bug 24136: “The fix we deployed is just a workaround stopping the leak. As a result of that navigating file:// URLs in the browser might not work as expected anymore. In particular entering file:// URLs in the URL bar and clicking on resulting links is broken. Opening those in a new tab or new window does not work either. A workaround for those issues is dragging the link into the URL bar or on a tab instead. We track this follow-up regression in bug 24136” read the post from Tor Project.”
Users on Linux and Mac machines are advised to update their Tor browser with version 7.0.9 to prevent leaking of their IP adresses. As this patch won’t work on alpha versions, users are advised to use stable versions until an alpha version patch is released.
Even though there are no indications that the Tor vulnerability has been exploited, this doesn’t mean that hackers and law enforcement officials haven’t already exploited the bug yet.
Remember, keep all your devices and softwares up to date. Last week, we reported iOS 11.1 flaw and security news keep on coming up.