Developers of the popular Tails Linux distribution (opens in new tab) have warned users to abstain from the OS until the next version is released, if they use it for entering, or accessing, sensitive information (opens in new tab).
"We recommend that you stop using Tails until the release of 5.1 (May 31) if you use Tor Browser for sensitive information (passwords, private messages, personal information, etc.)," the warning reads.
The announcement comes days after the Pwn2Own 2022 Vancouver event, where contestants successfully exploited two zero-days found in the Firefox JavaScrip engine. If the two vulnerabilities, tracked as CVE-2022-1802 and CVE-2022-1529, are abused successfully, they could allow threat actors to access information submitted to legitimate sites via the Tor browser on targeted endpoints (opens in new tab).
Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 (opens in new tab). Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey (opens in new tab) to get the bookazine, worth $10.99/£10.99.
Exceptions to the rule
"For example, after you visit a malicious website, an attacker controlling this website might access the password or other sensitive information that you send to other websites afterwards during the same Tails session," the warning explains.
Mozilla, which said some threat actors were already exploiting this vulnerability in the wild, has addressed the issue, BleepingComputer has found, but given that Tails is a live Linux distro, the devs cannot deliver patches for any of the included apps until the next release, which is due on May 31.
> Linux malware is booming, so stay secure, Microsoft warns (opens in new tab)
> Malware targeting Linux systems hit a new high in 2021 (opens in new tab)
> Sneaky Linux malware hides behind events scheduled to run on February 31 (opens in new tab)
It was also said that if users refrain from accessing, or submitting, sensitive information via Tor, they can still safely use it, as these flows don’t break the encryption and anonymity provided by Tor.
Tails, short for The Amnesic Incognito Live System, is a Debian-based Linux distro, usually used by journalists, whistleblowers, civil rights activists, and other individuals looking to stay fully anonymous online, and bypass any censorship or government restrictions.
"Mozilla is aware of websites exploiting this vulnerability already. This vulnerability will be fixed in Tails 5.1 (May 31), but our team doesn't have the capacity to publish an emergency release earlier," the Tails team warned.
- Keep your devices secure with the best firewalls around (opens in new tab)
Via: BleepingComputer (opens in new tab)