Upcoming Privacy-Conscious Tails OS 1.1 Could Include Zero-Day Flaws

Vulnerability analysis outfit to work with developer to eliminate glitches

Jul 22, 2014 13:45 GMT · By Ionut Ilascu

Security flaws lead to de-anonymization of the user

14 DAY TRIAL // JUST $1.00 Play Starfield, Forza Motorsport, and hundreds of other PC games for one low monthly price.

The next release of Tails operating system, which integrates numerous anonymization tools to uphold privacy of the user, is set to include a range of fixes, but it may still be vulnerable to zero-day bugs.

Exodus Intelligence is an organization focused on discovering vulnerabilities in various products and selling them to its clients. They've posted a tweet saying that Tails OS 1.1, scheduled to become available on July 22, still integrates security issues that could lead to de-anonymization of the user.

The Twitter message informs that the remote code execution bugs they found are still valid and have not been fixed in the upcoming version of the OS, which is based on Debian Linux.

According to The Register, Exodus researcher Loc Nguyen said that the system’s design was seriously flawed. He also noted that the glitches found by the vulnerability analysis group would not be sold to their clients and instead they would work with the developers to repair them.

We're happy to see that TAILS 1.1 is being released tomorrow. Our multiple RCE/de-anonymization zero-days are still effective. #tails #tor
— Exodus Intelligence (@ExodusIntel) July 21, 2014

Tails (The Amnesic Incognito Live System) has gained increased popularity since it became known that it was used by Edward Snowden to communicate with journalists about the NSA documents leaks. The operating system runs the message exchange tools through the TOR (The Onion Router) network in order to hide the identity of the user.

#Tails OS#Tails#privacy#encryption#TOR