Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Downloads
    • Malwarebytes
    • Exploits
    • Paper Downloads
    • Software & Service Reviews
No Result
View All Result
SUBSCRIBE
Zerosecurity
  • Home
  • Security
    • Exploits
    • Mobile Security
  • Malware
  • Data Breaches
  • Crypto
  • Privacy
  • Downloads
    • Malwarebytes
    • Exploits
    • Paper Downloads
    • Software & Service Reviews
No Result
View All Result
Zerosecurity
No Result
View All Result
Home Privacy

Tails OS Developers Warn Users to not use their Operating System

Kyle by Kyle
May 28, 2022
in Privacy
0
Tails OS 5.0 zero-day
82
SHARES
1.3k
VIEWS
Share on FacebookShare on Twitter

The developers of the popular Tails OS (operating system) are warning its users to cease use of their tool due to privacy concerns after the discovery of a prototype pollution vulnerability.

You might also like

GIFs in messaging apps are tracking you

Google Chrome exposes user extensions to fingerprinting

Chrome Browser Extension Vytal Prevents Privacy Leaks

“We recommend that you stop using Tails until the release of 5.1 (May 31) if you use Tor Browser for sensitive information (passwords, private messages, personal information, etc.).” The Tails Developers stated in a blog post on May 24.

Tails is short for “The Amnesic Incognito Live System” which is a Debian-based Linux distribution focused on protecting users’ anonymity (e.g. activists and journalists). The main feature of Tails is it allows anyone to circumvent censorship by routing all internet traffic through the Tor network.

This warning was given by the Tails team due to two critical zero-day exploits in the Firefox JavaScript engine. These zero-days are being tracked under CVE codes CVE-2022-1802 and CVE-2022-1529. They were originally used on the first day of the Pwn2Own 2022 Vancouver hacking contest. These exploits were patched by Mozilla two days later.

While the exploits have been patched, the developers are unable to deliver patches for any of the included apps within Tails due to Tails being a live Linux distro. A live Linux Distro is a Linux operating system that runs completely from RAM. This allows you to run a full instance of the operating system (from either CD/DVD or USB) without making changes to your current system.

These vulnerabilities allow attackers to access info from other websites visited while using the Tor Bowser.

“For example, after you visit a malicious website, an attacker controlling this website might access the password or other sensitive information that you send to other websites afterwards during the same Tails session,” the Tails blog post adds.

What is the Tails OS used for?

The Tails OS is predominantly utilized against online surveillance and prevents third-party tracking from companies such as Google and Facebook.  The operating system also forces all traffic through the Tor network. The Tor network is a powerful anti-surveillance network built around an encrypted peer-to-peer (P2) network which protects users against traffic analysis as well as having the ability to circumvent censorship put into place by governments or your internet service providers.

Tails OS Vulnerability Workaround

The Tails developers explained that the flaws do not affect Tor Browser users on the safest security level because JavaScript is completely disabled with that level while browsing.

Thunderbird which is also packaged with the Tails OS is not impacted as JavaScript is disabled by default.

Additionally, individuals that use Tails to access information that isn’t sensitive via the Tor Browser will be able to use it safely as the security weaknesses don’t break the encryption and privacy of the Tor peer-to-peer network.

“Mozilla is aware of websites exploiting this vulnerability already. This vulnerability will be fixed in Tails 5.1 (May 31), but our team doesn’t have the capacity to publish an emergency release earlier,” the Tails team warned in the blog post.

 

Tags: Tailstor
Share35Tweet20
Kyle

Kyle

Co-owner, writer, and editor at ZeroSecurity. Security, Blockchain, and SEO enthusiast. "Formal education will make you a living; self-education will make you a fortune."

Recommended For You

GIFs in messaging apps are tracking you

by Christi Rogalski
July 19, 2022
0
GIFs in messaging apps are tracking you

Today, the dynamic moving image, GIF sent to a friend or colleague, perfectly expresses our emotions and lightens the mood of the receiver(s). However, several concerns have been...

Read more

Google Chrome exposes user extensions to fingerprinting

by Kyle
July 1, 2022
0
Google Chrome Extension fingerprinting source

Security researcher, z0ccc, has released a new tool that proves that Google Chrome extensions can be fingerprinted which allows tracking of its users online. Tracking users online is...

Read more

Chrome Browser Extension Vytal Prevents Privacy Leaks

by Christi Rogalski
June 19, 2022 - Updated on June 20, 2022
0
Vytal Chrome Extension spoofs location data

Released in 2008, Google Chrome is a cross-platform web browser. With over 3.2 billion internet users worldwide, there's no denying that Chrome is the most popular browser today....

Read more

Are Bluetooth signals being used to track smartphones?

by Christi Rogalski
June 17, 2022
0
Bluetooth research leads to tracking

Can Bluetooth signals be used to track smartphones? Many people would say "No" to this question. However, a team of engineers at the University of California San Diego...

Read more

How Apple Stopped $1.5 billion Worth of Fraudulent Transactions in 2021

by Christi Rogalski
June 8, 2022
0
Apple app store security fraud

Apple has recently released statistics on the number of fraudulent and untrustworthy transactions that have passed through the Apple App Store in 2021. In combination, they have stopped...

Read more
Next Post
ChromeLoader Attacking Chrome Browsers Worldwide – How to Protect Yourself

ChromeLoader Attacking Chrome Browsers Worldwide - How to Protect Yourself

Related News

BlueSky Ransomware backdoors KMSAuto activator

BlueSky Ransomware Infects KMSAuto Activator users

July 20, 2022 - Updated on July 22, 2022
BlackCat Ransomware aka “ALPHV” infections on the rise

BlackCat Ransomware aka “ALPHV” infections on the rise

June 16, 2022 - Updated on July 20, 2022
GIFs in messaging apps are tracking you

GIFs in messaging apps are tracking you

July 19, 2022
Zerosecurity

We cover the latest in Information Security & Blockchain news, as well as threat trends targeting both sectors.

Categories

  • Crypto
  • Data Breaches
  • DotNet Framework
  • Downloads
  • Exploits
  • Exploits
  • Information
  • Legal
  • Malware
  • Malware Analysis
  • Mobile Security
  • Paper Downloads
  • Piracy
  • Privacy
  • Programming
  • Public
  • Security
  • Security
  • Software & Service Reviews
  • Technology News
  • Tools
  • Tutorials
  • Video Tutorials
  • Whitepapers
  • Zero Security
  • Contact Us
  • List of our Writers

© 2022 ZeroSecurity, All Rights Reserved.

No Result
View All Result
  • Home
  • Security
  • Exploits
  • Data Breaches
  • Malware
  • Privacy
  • Mobile Security
  • Tools
  • Contact Us
  • Privacy Policy

© 2022 ZeroSecurity, All Rights Reserved.