A vulnerability has been discovered in the Tor Browser that can reveal a user’s real IP address. Once an affected user navigates to a specially crafted web page, the operating system may directly connect to the remote host, bypassing Tor Browser.
- Tor 7.0.8 and earlier for MacOS and Linux
- Tor alpha channel 7.5a6 and earlier for MacOS and Linux
- Users and administrators are encouraged to update their version for the Tor browser to 7.0.9 or 7.5a7 for MacOS and Linux.
- Administrators should only allow access to Tor browser for users with genuine business needs.