Tor Browser Vulnerability Exposes Users’ Real IP Addresses

A vulnerability in the Tor Browser for Mac and Linux has been discovered that can reveal users’ real IP addresses. The issue, named TorMoil, was fixed in version 7.0.9 of the Tor Browser, released on Friday, November 3. It is strongly recommended to update your browser!

Details of the Vulnerability

The Tor Project addressed a security flaw in the Tor Browser for Mac and most Linux distributions (excluding Tails OS) that could expose users’ actual IP addresses. Windows users are not affected by this issue.

The vulnerability was discovered by Filippo Cavallarin, director of the Italian company We Are Segment. Last week, Cavallarin privately reported the issue to the Tor Project. The organization, in collaboration with Firefox developers (since Tor Browser is based on Firefox), released an update to fix the problem.

How the Vulnerability Works

According to Cavallarin, the vulnerability originally existed in Firefox and is related to how the browser handles file:// URLs. While this does not pose a risk to regular Firefox users, it is critical for Tor users. If a user visits a specially crafted web page, the operating system may connect directly to a remote host, bypassing the Tor network entirely. As a result, the user’s real IP address can be exposed.

No Evidence of Exploitation—But Update Immediately

The Tor Project has stated that there is currently no evidence that TorMoil has been exploited in the wild. However, attackers could reverse-engineer the updated browser version to identify the fix, understand the vulnerability, and potentially create an exploit. For this reason, all users of Tor Browser on Mac and Linux (except Tails OS) should update to version 7.0.9 as soon as possible.