Tails live OS affected by critical zero-day vulnerabilities

A researchers at the Exodus Intelligence firm has discovered a series of zero day vulnerabilities in the popular Tails Linux-based distribution.

A researcher at Exodus Intelligence has discovered critical zero-day vulnerabilities in the popular Tails live operating system. Tails is considered by security experts an indispensable tool to preserve the privacy and security of users that intend to avoid surveillance and censorship.

The flaws in the Linux-based operating system Tails could be used by an attacker to reveal users’ identity according to the expert. Tails includes a suite of privacy applications and is designed to ensure users’ privacy while surfing through Tor network.

According to the researcher, the presence of critical flaws in Tails could be exploited by bad actors and law enforcements to de-anonymize Tor users and execute code remotely.

The researcher initially hasn’t provided the details about the vulnerabilities, the company just informed its followers through Twitter of the disconcerting discovery.

The firm didn’t plan to release the details of the exploit until the Tails development team will not fix them, but anyway, it said it would release details about the zero-day flaws in a series of blog posts next week.

But while I’m writing Exodus Intelligence revealed that the flaw lies in the I2P software that is included in the Tails distro and the company has released some details and a video demonstrating the exploitation of the vulnerability.

““The vulnerability we will be disclosing is specific to I2P. I2P currently boasts about 30,000 active peers. Since I2P has been bundled with Tails since version 0.7, Tails is by far the most widely adopted I2P usage. The I2P vulnerability works on default, fully patched installation of Tails. No settings or configurations need to be changed for the exploit to work,” the Exodus team wrote in a post explaining a bit about the flaw.”

Exodus Intelligence is a firm specialized in the identification of zero-day vulnerabilities, defensive guidance and vulnerability research trends. It sells its products to private clients and government entities, including the DARPA, imagine the availability of a Tails zero-day exploit in the hand of Intelligence.

“Our main goalwas to bring attention to the fact that no software is infallible and those seeking anonymity should not blindly trust a software recommendation (even if it is from Snowden),” said Aaron Portnoy, co-founder and vice president of Exodus.

Today a new version of the OS has been released, Tails 1.1, but experts at Exodus warned with a tweet that despite the distribution has been updated, also its latest version is still vulnerable to the zero-day attacks.