News

Tor browser leak exposed IP on macOS and Linux

By admin
Spread the love

The Tor Project has patched a leak in the Linux and macOS versions of its browser. With a small change to a URL, the OS could be persuaded not to connect via the Tor browser, but directly to the address, exposing the user’s IP address.

The bug, which stems from the Firefox browser on which the Tor browser is based, manifests itself when users navigate to a URL that begins with ‘file://’ instead of ‘http(s)://’. When that happens, the connect request is passed to the OS, exposing the user’s IP address to the outside world, which goes against the whole idea of ​​the Tor browser. Abusing this is as simple as modifying a URL on a web page. The security hole has been temporarily closed in these versions by partially disabling the functionality.

The vulnerability was reported to the development team on October 26 by We Are Segment, which has named it TorMoil. The Tor Project reports that the bug was reported on October 26 and a fix was ready on Tuesday, October 31. On Friday, November 3, three days later, the update actually came online. A final update, which should also fix the newly created bug around non-working ‘file://’ urls, is yet to follow.

The alpha version of the Tor Browser for Linux and macOS did not receive the fix. It is expected to be released on Monday. Users are therefore advised to use the latest stable version of the browser now.

You might also like
News

EU Council determines position on security requirements for digital products

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Anticheat FaceIT gets Linux version, enables Steam Deck support

News

Brave sells web content as data for AI training

News

Firefox beta has support for Nvidia video upscaling technique

News

AMD: Intel’s proposal for 64bit-only x86 architecture is very interesting