A cyber security firm fond a critical Tor browser flaw, dubbed TorMoil. This flaw leaks user IP address when they visit certain types of addresses.
When the Tor browser for macOS and Linux is in the process of opening such an address, “the operating system may directly connect to the remote host, bypassing Tor Browser,” according to We Are Segment cyber security firm.
The team issued a temporary work-around that plugs that IP leak. Till the final fix, the updated versions of the browser not working properly when navigating to addresses. They said, the Windows versions of Tor, Tails, and the sandboxed Tor browser that’s in alpha testing isn’t vulnerable.
“The fix we deployed is just a workaround stopping the leak,” Tor officials said. “According to result of navigating URLs in the browser might not work as expected anymore. In particular entering URLs in the URL bar and clicking on resulting links is broken. When opening a new tab or new window does not work.
With the help of Mozilla engineers, the Tor team has created a fix, which has patched the leak partially. To fix this issue, the Tor team delivered in Tor browser version 7.0.9 for Mac and Linux users. However, the IP leak stems from a Firefox bug.
The team also warned that alpha versions of the Tor browser for Mac and Linux haven’t yet received the fix. Mac and Linux alpha users should use updated versions of the stable version.
However, there’s no evidence the flaw actively exploited on the Internet or darkweb to obtain the IP addresses or Tor users.
More information: [WE ARE SEGMENT]