Tails 5.0 Linux Users Warned Against Using it “for sensitive information”
Tails developers have warned users to stop using the portable Debian-based Linux distro until the next release if they’re entering or accessing sensitive information using the bundled Tor Browser application.
Tails (short for The Amnesic Incognito Live System) is a Linux distro focused on protecting the users’ anonymity (e.g., activists and journalists) and helping them circumvent censorship by forcing all connections to and from the Internet through the Tor network.
“We recommend that you stop using Tails until the release of 5.1 (May 31) if you use Tor Browser for sensitive information (passwords, private messages, personal information, etc.),” the Tails developers warned.
While the bugs have already been patched upstream, the developers cannot deliver patches for any of the included apps until the next release, given that Tails is a live Linux distro.
The vulnerabilities enable attackers to access info from other websites visited using Tor Browser if successfully exploited.
“For example, after you visit a malicious website, an attacker controlling this website might access the password or other sensitive information that you send to other websites afterwards during the same Tails session,” the Tails advisory adds.
Tails still safe for some users
Additionally, Tails users who don’t use or access sensitive information through the Tor Browser can still use it safely since the security flaws don’t break the encryption and anonymity of Tor connections.
“Mozilla is aware of websites exploiting this vulnerability already. This vulnerability will be fixed in Tails 5.1 (May 31), but our team doesn’t have the capacity to publish an emergency release earlier,” the Tails team warned.