The next release of Tails operating system, which integrates numerous anonymization tools to uphold privacy of the user, is set to include a range of fixes, but it may still be vulnerable to zero-day bugs.
Exodus Intelligence is an organization focused on discovering vulnerabilities in various products and selling them to its clients. They've posted a tweet saying that Tails OS 1.1, scheduled to become available on July 22, still integrates security issues that could lead to de-anonymization of the user.
The Twitter message informs that the remote code execution bugs they found are still valid and have not been fixed in the upcoming version of the OS, which is based on Debian Linux.
According to The Register, Exodus researcher Loc Nguyen said that the system’s design was seriously flawed. He also noted that the glitches found by the vulnerability analysis group would not be sold to their clients and instead they would work with the developers to repair them.
We're happy to see that TAILS 1.1 is being released tomorrow. Our multiple RCE/de-anonymization zero-days are still effective. #tails #tor
— Exodus Intelligence (@ExodusIntel) July 21, 2014
Tails (The Amnesic Incognito Live System) has gained increased popularity since it became known that it was used by Edward Snowden to communicate with journalists about the NSA documents leaks. The operating system runs the message exchange tools through the TOR (The Onion Router) network in order to hide the identity of the user.