TorMoil Vulnerability Leaks Real IP Address From Tor Browser Users; Security Update Released

Catalin Cimpanu, reporting for BleepingComputer: The Tor Project has released a security update for the Tor Browser on Mac and Linux to fix a vulnerability that leaks users' real IP addresses. The vulnerability was spotted by Filippo Cavallarin, CEO of We Are Segment, an Italian company specialized in cyber-security and ethical hacking. Cavallarin privately reported the issue -- which he codenamed TorMoil -- to the Tor Project last week. Tor Project developers worked with the Firefox team (Tor Browser is based on the Firefox browser) to release a fix. Today, the Tor team released version 7.0.9 to address the vulnerability. Tor Browser 7.0.9 is only available for Mac and Linux users. Tor Browser on Windows is not affected.

Re:Windows is not affected

It's still too early to give a post-mortem for non-technical folks. The bug on Bugzilla will be opened when a proper fix is given, and right now only blackhats will want to know the technical details. Until users have updated to a more secure fix than the current work-around, full transparency isn't a good idea.