Tor vulnerability leaks users' IP addresses

Heather Parry

By Heather Parry

09 November 2017

This week, a critical flaw, dubbed TorMoil, was found in the Mac and Linux versions of the Tor anonymity browser.

Security firm We Are Segment reported the bug to Tor developers and then published a blog post detailing the issue, which was triggered when users clicked on file:// links specifically, rather than http:// or https:// addresses.

Whilst navigating to these addresses, the operating systems could connect directly to the remote host, bypassing the Tor browser. This would result in a “leak” of the user’s real IP address, undermining the security that the Tor browser is meant to provide.

On Friday, Tor developers released a temporary fix for this issue, though it is only a workaround and may mean that the browser won’t work perfectly when accessing file:// addresses. However, the Tor developers were reportedly altered to the bug’s existence on October 26th.

If you are a Tor user, download the patch for your relevant operating system immediately to avoid your security being compromised. It’s thought that the Windows version of Tor is not affected.

And, of course, consider using a VPN as well as the Tor browser. Download SurfEasy today to bring your privacy right back into your own hands.

About Us

SurfEasy is a VPN tool that protects your online privacy and unblocks the internet. Use it on your Mac, PC, iPhone, iPad or Android.

Learn More