TorMoil vulnerability reveals true IP from Tor Browser

The Tor Project has released a security update for Tor Browser on Mac and Linux that fixes a vulnerability which could reveal users' true IP addresses.

The vulnerability was researched by Filippo Cavallarin, CEO of We Are Segment, an Italian company specializing in network security and white-hat hacking.

He named the vulnerability TorMoil and reported it separately to the Tor Project last week. The Tor Project developers worked with the Firefox team (Tor Browser is built on Firefox) to provide a fix.

Today, the Tor Project released Tor Browser 7.0.9, which patches this vulnerability. Tor Browser 7.0.9 is only available on Mac and Linux. Windows users are not affected.

Leaking IP address due to 'file://' links

According to Cavallarin, this is actually a Firefox bug in the way the browser handles file:// URLs. While it poses no problem for Firefox itself, it is a disaster for Tor.

The IP address may be exposed even after using Tor Browser

'Once the Tor Browser user goes to the website, the operating system can connect directly to the remote host and not through Tor Browser.' As a result, the connection does not go through the Tor relays, and the user's real IP address is exposed.

TorMoil has not been exploited yet

'We still haven't seen this vulnerability exploited in practice,' said the Tor Project. But an attacker could reverse-engineer the patched code; a good programmer could then easily understand how the bug works and exploit it.

The developers also said the patch is only a temporary solution, intended to stop the IP leak as quickly as possible, so file:// URL handling may not work in some cases. According to the Tor developers, users can still open a file:// URL by dragging and dropping the link into a new tab.
