The critical zero-day security flaws has been discovered in the privacy and security dedicated Linux-based operating system “Tails” that could be used by an attacker to unmask your identity.
Tails, which is been used and recommended by the global surveillance whistleblower Edward Snowden to remain Anonymous, has a suite of privacy applications and designed to keep users’ communications private by running all connectivity through Tor, the network that routes traffic through various layers of servers and encrypts data.
But unfortunately, the highly secured OS has several critical zero-day vulnerabilities that could help attackers or law enforcements to de-anonymize anyone and allows to perform remote code execution, according to a researcher at Exodus Intelligence who uncovered the flaws but didn't publish the details about it.
The Texas-based security firm, Exodus Intelligence, tweeted on Monday that it had found several remote code execution vulnerabilities in Tails operating system. The firm explained that the architect of the operating system is seriously vulnerable that could leads to put users’ security at risk.
NEW TAILS 1.1 RELEASED, BUT NOT PATCHED
Today tails has launched its big release, Tails version 1.1, but Exodus warned via a tweet that the latest version of the OS is still vulnerable to the zero-day attacks it had identified. The firm don’t want to release the details of the exploit until there is a patch, but it said it would release details about the zero-day flaws in a series of blog posts next week.
Exodus Intelligence usually identifies vulnerabilities in various products and sell them to their clients, including the US agencies and DARPA; but in this case they have decided to do not sell the Tails remote code execution exploit to any of its client.
TAILS DEVS STILL UNAWARE OF THE ZERO-DAYS
Tails OS developers claimed that the company has not yet responsibly disclosed the vulnerabilities details to them.
> "We were not contacted by Exodus Intel prior to their tweet. In fact, a more irritated version of this text was ready when we finally received an email from them. __They informed us that they would provide us with a report within a week."
I know, Tails is considered to be one of the best options for privacy conscious Internet users, but such revelations indicates that no software or operating system offers complete privacy and security to users even if they are developed by keeping anonymity as the first priority.
The company also assured its users to provide some extra features among improving the security of the operating system.
> "Being fully aware of this kind of threat, we're continuously working on improving Tails' security in depth. Among other tasks, we're working on a tight integration of AppArmor in Tails, kernel and web browser hardening as well as sandboxing, just to name a few examples." developers said.