TorMoil Vulnerability Leaks Real IP Address From Tor Browser Users; Security Update Released (bleepingcomputer.com)

Posted by msmash on Friday November 3, 2017 @01:25PM from the privacy-woes dept.

Catalin Cimpanu, reporting for BleepingComputer: The Tor Project has released a security update for the Tor Browser on Mac and Linux to fix a vulnerability that leaks users' real IP addresses. The vulnerability was spotted by Filippo Cavallarin, CEO of We Are Segment, an Italian company specialized in cyber-security and ethical hacking. Cavallarin privately reported the issue -- which he codenamed TorMoil -- to the Tor Project last week. Tor Project developers worked with the Firefox team (Tor Browser is based on the Firefox browser) to release a fix. Today, the Tor team released version 7.0.9 to address the vulnerability. Tor Browser 7.0.9 is only available for Mac and Linux users. Tor Browser on Windows is not affected.

2 of 21 comments (clear)

Min score:

Reason:

Sort:

Windows is not affected by jfdavis668 · 2017-11-03 13:33 · Score: 3, Interesting

Boy, is that a change for once.
1. Re:Windows is not affected by Anonymous Coward · 2017-11-03 14:12 · Score: 2, Interesting
  
  Boy, is that a change for once.
  Yes and I read the article hoping to understand why. Boy was I disappointed.
  Is there a good reason the article does not explain how the exploit works or exactly what the vulnerability was? It does admit that black-hats can easily determine this from reverse-engineering the patch. So really, what exactly is the justification for not disclosing the details to everyone else?