Security experts discovered the dangerous TorMoil Tor Browser Vulnerability which has recently been fixed in the latest version of the application. All users of the hidden network application are urged to apply the critical update as soon as possible.
TorMoil Tor Browser Vulnerability Discovered
The Tor Browser has been found to possess a dangerous bug which affects a large portion of the users. The vulnerability is known as TorMoil and is described as a problematic implementation of the protocols which “leaks” the real IP addresses of the Mac OS X and Linux users. Surprisingly Microsoft Windows users are not affected.
The problem lies in the fact that the Tor Browser uses a heavily modified Mozilla Firefox base to run the application. The issue is found in the browser’s implementation when handling “file://” paths. In a test scenario the users were directed to special web sites hosting malicious URLs. The exploit manipulates the browser into directly connecting the local instance to the remote host. At the moment it is not clear if prior versions are also affected by the problem.
The CEO of We Are Segment is responsible for discovering the vulnerability. He reported the bug on October 26 to the security team. The developers reported that they were able to create a workaround on the next day with the help of the Mozilla team. An additional bug fix was issued on October 31 which amended all major “holes”. At the moment there are no public reports of exploits using the vulnerability.
Potential Impact of the TorMoil Tor Browser Vulnerability
The vulnerability is rated as being dangerous due to the fact that it leads to the direct release of the uses real external IP address to the visited hosts. The network relies on anonymity at its core ‒ The Tor Network is primarily used to browse in a private and anonymous manner. The TorMoil vulnerability essentially bypasses this characteristic. Unfortunately due to the fact that the latest version amends the way the browser works opening files via “file://” URL paths may not function properly.
The Tor Browser is among the most widely used applications both by end users and criminals. As it is the tool which gives them access to the hidden network where all kinds of services, sites and communities, serious security issues like this one put all in risk. The primary form of identification on the Internet is the IP Address, due to this bug this is revealed. As a result the users are placed in a very dangerous situations ‒ they are able to access areas where it is much more likely to face a computer criminal. The fact that a large part of the users are exposed makes it possible for the malicious users to launch attacks on them.
Security researchers are particularly concerned about the TorMoil vulnerability as it can be used in conjunction with the popular hacker tactics of providing notes with almost all popular ransomware infections. The criminals behind the attacks can take advantage of the vulnerability by utilizing the issue in the note’s contents.
All users employing the Tor Browser should immediately apply the latest updates to protect themselves from possible abuse.
Martin Beltov
Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.
Follow Me: