The zero-day flaws have been uncovered by Exodus Intelligence, the organization that finds all sorts of vulnerabilities and lets customers know about it before informing the whole Internet community. This means that customers may use the vulnerability whatever way they like, possibly for de-anonymizing anyone the government considers a target. Exodus Intel plans to tell The Tails creators about the issues duly but no timeline has been disclosed yet.
The security flaw reports hit Tails at a very bad time as it has just released version 1.1. Tails OS promises privacy by running all traffic through Tor, the network that routes your traffic through different layers of servers and encrypts it to ensure privacy. Tails is designed to be stored on a flash drive, so that users could easily remove it and leave no trace on their computers. However recent exploit found by Exodus might undo many security promises of this software, which was praised by Snowden a lot.
“These flaws are in the 1.0.1 version of Tails and it allows to exploit a targeted user both for remote code execution and de-anonymization,” Loc Nguyen, a researcher at Exodus said. Remote code execution means that a hacker can install malware on victim’s system, draw off files from it, basically do whatever he likes with victim’s computer.
“Considering the purpose of Tails which is to provide a completely secured non-attributable platform, users are at risk due to these flaws. Tails was created in order to increase privacy by maintaining privacy and making sure user communications and actions will not be attributable. Hence any violation of these pillars can be considered as highly critical,” Nguyen added.
Use VPN services provided by NordVPN to get security and privacy you seek.