Mac and Linux versions of Tor anonymized browser have got a temporary fix for just a certain risk, which leaks users’ IP addresses when they go to a specific type of address.
Discovered by Italian security researcher Filippo Cavallarin, the vulnerability resides in FireFox that eventually also affects Tor Browser, since the privacy-aware service that allows users to surf the web anonymously uses FireFox at its core.
TorMoil, as it has been blamed by its researcher, when users are clicked on the link, which starts with file:// rather than the more common https:// and http:// address prefixes.When Tor Browser for macOS and Linux is in the process of opening such an address,”the operating system may directly connect to the remote host, bypassing Tor Browser,”according to a brief blog post published Tuesday by We Are Segment, the security firm that privately reported the bug to Tor developers.
Cavallarin, CEO of the security firm We Are Segment,Thursday (October 26) informally about the security of private vulnerabilities for the tor developers, and Tor developers started an emergency update tor version 7.0.8
- Tor Browser 7.0.9 is released (Linux/MacOS users) – Fixes a critical security flaw that leaks IP address https://goo.gl/ufWHGM
“The fix we deployed is just a workaround stopping the leak,”Tor officials wrote in a post after the announcement of Friday’s release: “As a result of the navigating file://URLs in the browser will not work as expected. In particular entering file:// URLs in the URL bar and clicking on resulting links is broken.Opening in those new tabs or a new window does not work either.A workaround for those issues is dragging the link into the URL bar or on a tab instead. We track this follow-up regression in bug 24136.”
Did you find this story helpful on Tor browser flaw? Do not forget to share your thoughts with us.