SafeUM
Home Blog Services Download Help About Recharge
EN
RU

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
EN
Lang
EN
RU
Archive
TOP Security!
6 Nov 2017

Critical Tor flaw leaks users’ real IP address

Mac and Linux versions of the Tor anonymity browser just received a temporary fix for a critical vulnerability that leaks users' IP addresses when they visit certain types of addresses.

TorMoil, as the flaw has been dubbed by its discoverer, is triggered when users click on links that begin with file:// rather than the more common https:// and http:// address prefixes.

When the Tor browser for macOS and Linux is in the process of opening such an address, "the operating system may directly connect to the remote host, bypassing Tor Browser," according to a brief blog post published Tuesday by We Are Segment, the security firm that privately reported the bug to Tor developers. On Friday, members of the Tor Project issued a temporary work-around that plugs that IP leak. Until the final fix is in place, updated versions of the browser may not behave properly when navigating to file:// addresses. They said both the Windows versions of Tor, Tails, and the sandboxed Tor browser that's in alpha testing aren't vulnerable. "The fix we deployed is just a workaround stopping the leak," Tor officials wrote in a post announcing Friday's release.

"As a result of that navigating file:// URLs in the browser might not work as expected anymore. In particular entering file:// URLs in the URL bar and clicking on resulting links is broken. Opening those in a new tab or new window does not work either. A workaround for those issues is dragging the link into the URL bar or on a tab instead. We track this follow-up regression in bug 24136."

Friday's post went on to say that We Are Segment CEO Filippo Cavallarin privately reported the vulnerability on October 26. Tor developers worked with Mozilla developers to create a work-around the following day, but it only partially worked. They finished work on a more complete work-around on Tuesday. The post didn't explain why the fix, delivered in Tor browser version 7.0.9 for Mac and Linux users, wasn't issued until Friday, three days later. The Tor browser is based on Mozilla's open-source Firefox browser. The IP leak stems from a Firefox bug.

Tor officials also warned that alpha versions of the Tor browser for Mac and Linux haven't yet received the fix. They said they have tentatively scheduled a patch to go live on Monday for those versions. In the meantime, the officials said, Mac and Linux alpha users should use updated versions of the stable version.

Tor's statement Friday said there's no evidence the flaw has been actively exploited on the Internet or darkweb to obtain the IP addresses or Tor users. Of course, the lack of evidence doesn't mean the flaw wasn't exploited by law enforcement officers, private investigators, or stalkers. And now that a fix is available, it will be easy for adversaries who didn't know about the vulnerability before to create working exploits. Anyone who relies on a Mac or Linux version of the Tor browser to shield their IP address should update as soon as possible and be ready for the possibility, however remote, their IP addresses have already been leaked.

Tags:
Tor information leaks
Source:
Ars Technica
1047
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015