Jump to content
  • Tails 5.0 Linux users warned against using it "for sensitive information"


    Karlston

    • 512 views
    • 2 minutes
     Share


    • 512 views
    • 2 minutes

    Tails developers have warned users to stop using the portable Debian-based Linux distro until the next release if they're entering or accessing sensitive information using the bundled Tor Browser application.

     

    Tails (short for The Amnesic Incognito Live System) is a Linux distro focused on protecting the users' anonymity (e.g., activists and journalists) and helping them circumvent censorship by forcing all connections to and from the Internet through the Tor network.

     

    "We recommend that you stop using Tails until the release of 5.1 (May 31) if you use Tor Browser for sensitive information (passwords, private messages, personal information, etc.)," the Tails developers warned.

     

    This warning was prompted by two critical zero-day bugs in the Firefox JavaScript engine (tracked as CVE-2022-1802 and CVE-2022-1529), exploited during the first day of the Pwn2Own 2022 Vancouver hacking contest and patched by Mozilla two days later.

     

    While the bugs have already been patched upstream, the developers cannot deliver patches for any of the included apps until the next release, given that Tails is a live Linux distro.

     

    The vulnerabilities enable attackers to access info from other websites visited using Tor Browser if successfully exploited.

     

    "For example, after you visit a malicious website, an attacker controlling this website might access the password or other sensitive information that you send to other websites afterwards during the same Tails session," the Tails advisory adds.

    Tails still safe for some users

    The Tails devs also explained that the flaws do not affect Tor Browser users when used on the Safest security level because it automatically disabled JavaScript while browsing.

     

    Likewise, Thunderbird users are not impacted because the version bundled with the Tails Linux distro has JavaScript disabled by default.

     

    Additionally, Tails users who don't use or access sensitive information through the Tor Browser can still use it safely since the security flaws don't break the encryption and anonymity of Tor connections.

     

    "Mozilla is aware of websites exploiting this vulnerability already. This vulnerability will be fixed in Tails 5.1 (May 31), but our team doesn't have the capacity to publish an emergency release earlier," the Tails team warned.

     

     

    Tails 5.0 Linux users warned against using it "for sensitive information"


    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...