Vulnerability in TOR able to reveal the IP of the users
Italian cybersecurity researcher Filippo Cavallarin has identified a vulnerability in the well-known TOR web browser, widely used by millions of users around the world to navigate anonymously over the Internet. This vulnerability reveals the IP address of the users who try to access files through the "file: //" addresses with the web browser, making a directly connection between the operating system and the remote host without using the TOR browser.
The revelation of the real IP address in this network is a fact that may allow identifying TOR web browser users, who anonymously consider browsing.
At the moment, the technical details of this vulnerability have not been made public, but it affects those who use the TOR browser in Linux and OS X operating systems. The investigator privately reported the vulnerability to the TOR developers and these and the have been fixed by means of an update in version 7.0.9
-
03/11/2017thehackernews.com