Tor users on Mac and Linux platforms are being warned to update their browsers immediately or risk losing their anonymity. The TorMoil, as it’s being called, leaks users’ true IP address if they visit certain sites; and it hasn’t entirely been fixed just yet.
The flaw happens when the browser is pointed to a location that starts with file:// instead of a more traditional HTTP:// or HTTPS://. This is because the operating system tries to establish a direct connection with the address; a move that bypasses the protections set in place by the Tor browser. The result is that the server is able to see the actual IP address of the incoming connection.
Only Tor users on Mac and Linux are being affected by this flaw, with those on Windows still remaining safely hidden.
Unfortunately, the current hotfix for the problem doesn’t quite solve it. Instead, the update being published blocks the user from clicking on the vulnerable links; which the Tor Project warns may break some connections. It’s more of a bandaid than an actual remedy at the moment.
It’s unknown if this vulnerability has been used in the wild, but it would come as no surprise if some people were already compromised. While the flaw doesn’t allow access to user systems, law enforcement agencies and other government bodies would love to be able to get a glimpse and where these Tor users are. Something that the network was supposed to help hide.
[Source: Ars Technica]