Tor Browser Vulnerability Exposes Users’ Real IP Addresses
A vulnerability in the Tor Browser for Mac and Linux has been discovered that can reveal users’ real IP addresses. The issue, named TorMoil, was fixed in version 7.0.9 of the Tor Browser, released on Friday, November 3. It is strongly recommended to update your browser!
Details of the Vulnerability
The Tor ProjectThe Tor Project is a nonprofit organization dedicated to protecting online privacy and ensuring uncensored access to the internet. Emerging from U.S. Naval Research Lab experiments with onion routing in the 1990s, Tor evolved into a decentralized, volunteer-powered network that hides user identities by routing traffic through multiple encrypted relays. Since the launch of the Tor Browser in 2008, it has become a crucial tool for activists, journalists, and everyday users worldwide—supporting free expression during events like the Arab Spring and proving resilient in the face of mass surveillance disclosures. Today, Tor is sustained by a global community committed to human rights, transparency, and digital freedom. More addressed a security flaw in the Tor Browser for Mac and most Linux distributions (excluding Tails OS) that could expose users’ actual IP addresses. Windows users are not affected by this issue.
The vulnerability was discovered by Filippo Cavallarin, director of the Italian company We Are Segment. Last week, Cavallarin privately reported the issue to the Tor ProjectThe Tor Project is a nonprofit organization dedicated to protecting online privacy and ensuring uncensored access to the internet. Emerging from U.S. Naval Research Lab experiments with onion routing in the 1990s, Tor evolved into a decentralized, volunteer-powered network that hides user identities by routing traffic through multiple encrypted relays. Since the launch of the Tor Browser in 2008, it has become a crucial tool for activists, journalists, and everyday users worldwide—supporting free expression during events like the Arab Spring and proving resilient in the face of mass surveillance disclosures. Today, Tor is sustained by a global community committed to human rights, transparency, and digital freedom. More. The organization, in collaboration with Firefox developers (since Tor Browser is based on Firefox), released an update to fix the problem.
How the Vulnerability Works
According to Cavallarin, the vulnerability originally existed in Firefox and is related to how the browser handles file:// URLs. While this does not pose a risk to regular Firefox users, it is critical for Tor users. If a user visits a specially crafted web page, the operating system may connect directly to a remote host, bypassing the Tor network entirely. As a result, the user’s real IP address can be exposed.
No Evidence of Exploitation—But Update Immediately
The Tor ProjectThe Tor Project is a nonprofit organization dedicated to protecting online privacy and ensuring uncensored access to the internet. Emerging from U.S. Naval Research Lab experiments with onion routing in the 1990s, Tor evolved into a decentralized, volunteer-powered network that hides user identities by routing traffic through multiple encrypted relays. Since the launch of the Tor Browser in 2008, it has become a crucial tool for activists, journalists, and everyday users worldwide—supporting free expression during events like the Arab Spring and proving resilient in the face of mass surveillance disclosures. Today, Tor is sustained by a global community committed to human rights, transparency, and digital freedom. More has stated that there is currently no evidence that TorMoil has been exploited in the wild. However, attackers could reverse-engineer the updated browser version to identify the fix, understand the vulnerability, and potentially create an exploit. For this reason, all users of Tor Browser on Mac and Linux (except Tails OS) should update to version 7.0.9 as soon as possible.