This week, a critical flaw, dubbed TorMoil, was found in the Mac and Linux versions of the Tor anonymity browser.
Security firm We Are Segment reported the bug to Tor developers and then published a blog post detailing the issue, which was triggered when users clicked on file:// links specifically, rather than http:// or https:// addresses.
Whilst navigating to these addresses, the operating systems could connect directly to the remote host, bypassing the Tor browser. This would result in a “leak” of the user’s real IP address, undermining the security that the Tor browser is meant to provide.
On Friday, Tor developers released a temporary fix for this issue, though it is only a workaround and may mean that the browser won’t work perfectly when accessing file:// addresses. However, the Tor developers were reportedly altered to the bug’s existence on October 26th.
If you are a Tor user, download the patch for your relevant operating system immediately to avoid your security being compromised. It’s thought that the Windows version of Tor is not affected.
And, of course, consider using a VPN as well as the Tor browser. Download SurfEasy today to bring your privacy right back into your own hands.