Patch/Configuration Management, Vulnerability Management

Tor patches flaw that could expose MacOS and Linux IP addresses

The Tor Project released a patch fixing an issue that could reveal the correct IP address of MacOS and Linux users using the Tor browser.

A Tor blog post explains that the issue centers on a flaw in how Firefox handles file:// URLs. "Once an affected user navigates to a specially crafted URL the operating system may directly connect to the remote host, bypassing Tor Browser," the blog post explains.

Tor credits Filippo Cavallarin, CEO of We Are Segment, with finding the flaw and reporting it to the Tor Project on Oct. 26. Initially, the Tor Project developed a workaround with Mozilla, before ultimately fixing the problem on Oct. 31 with the release of Tor browser 7.0.9. 

No known cases of the flaw being exploited in the wild have been reported.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.