Skip to main content

TorMoil Vulnerability Leaks Real IP Address from Tor Browser Users

The Tor Project has released a security update for the Tor Browser on Mac and Linux to fix a vulnerability that leaks users' real IP addresses.

The vulnerability was spotted by Filippo Cavallarin, CEO of We Are Segment, an Italian company specialized in cyber-security and ethical hacking.

Cavallarin privately reported the issue — which he codenamed TorMoil — to the Tor Project last week. Tor Project developers worked with the Firefox team (Tor Browser is based on the Firefox browser) to release a fix.

Today, the Tor team released version 7.0.9 to address the vulnerability. Tor Browser 7.0.9 is only available for Mac and Linux users. Tor Browser on Windows is not affected.

IP leak caused by "file://" links

According to Cavallarin, the issue is actually a Firefox bug in the way the browser handles file:// URLs. While the issue is harmless in Firefox, it's catastrophic in the Tor Browser.

"Once an affected [Tor Browser] user navigates to a specially crafted web page, the operating system may directly connect to the remote host, bypassing Tor Browser," Cavallarin said.

By directly connecting to the page, the Tor Browser will not go through the network of Tor relays, exposing the user's real-world IP address.

TorMoil not (yet) exploited in the wild

"We are not aware of this vulnerability being exploited in the wild," the Tor Project said today in a statement. Nonetheless, an attacker can reverse engineer the Tor Browser binary and detect the patched code. A well-versed programmer can then very easily understand how the bug occurs and create an exploit for it.

While most Linux users are affected, the Tor Project team said that Linux users running Tor Browser on the Tails OS distro are not affected, as well as users utilizing the (still alpha-stage) sandboxed version of the Tor Browser.

Tor developers also added that the patch they delivered to fix the IP leak is only a workaround — put together in a hurry to stop the leak as soon as possible — and file:// URL functionality may be broken for Tor Browser users in some situations. According to Tor Browser developers, users may be able to open file:// URLs by dragging and dropping the link into a new tab.

Labels:

Comments

Post a Comment

Popular posts from this blog

Game-changing SEO trends that will dominate 2018.

Changing nature of the rules of the game. As search engines strive to improve the quality of search results, some ranking factors shift shapes, others fall into oblivion, and completely new ones arise out of nowhere. To help you stay ahead of the game in 2018, here’s a list of the most prominent trends that are gaining momentum, with tips on how you can prepare for each. 1. The rise of SERP features Are you assuming a #1 organic ranking is  the  way to get as much traffic as possible? Think again. Increasingly, SERP features (local packs, Knowledge panels, featured snippets and so on) are stealing searchers’ attention and clicks from organic listings. And it’s only fair if you consider the evolution the Google SERP has been through. It has gone all the way from “10 blue links”… … to something that makes you feel like you’re part of a Brazilian carnival. What can you do about it? With the evolution of SERP features, it’s critical that you (a) track your rankings within these fe
1 comment
Read more

Hot Selling Frameless One-piece Jelly Color Transparent Sun Glasses

  Step out in style with our Cross-border Hot Selling Frameless One-piece Jelly Color Transparent Sun Glasses! Perfect for any occasion, these sunglasses are sure to turn heads. Get yours now at Josidel Online Stores with free shipping! Shop here: https://josidelonlinestores.com/product/cross-border-hot-selling-frameless-one-piece-jelly-color-transparent-sun-glasses/
Post a Comment
Read more

Josidel Online Stores

 Josidel Online Stores is an e-commerce website that offers a wide range of products to customers worldwide. From trendy fashion items to cutting-edge electronics, the store provides an easy and convenient shopping experience for everyone. One of the things that set Josidel Online Stores apart is the variety of products available on the platform. Customers can find everything from stylish clothing and accessories to gadgets and home appliances. With a focus on quality and affordability, the store offers products that are both stylish and practical. Another key feature of Josidel Online Stores is its user-friendly interface. The website is easy to navigate, with products sorted into various categories and subcategories. Customers can easily find what they're looking for, with a simple search bar and filtering options available. The store also provides detailed product descriptions and high-quality images to help customers make informed purchase decisions. Josidel Online Stores pride
Post a Comment
Read more