Zero-Day Vulnerabilities Identified in Tails Operating System
The Texas-based security firm, Exodus Intelligence, tweeted on Monday that it had found several remote code execution vulnerabilities in Tails operating system. The firm explained that the architect of the operating system is seriously vulnerable that could leads to put users’ security at risk.
Today tails has launched its big release, Tails version 1.1
, but Exodus warned via a tweet
that the latest version of the OS is still vulnerable to the zero-day attacks it had identified. The firm don’t want to release the details of the exploit until there is a patch, but it said it would release details about the zero-day flaws in a series of blog posts next week.
Exodus Intelligence usually identifies vulnerabilities in various products and sell them to their clients, including the US agencies and DARPA; but in this case they have decided to do not sell the Tails remote code execution exploit to any of its client.
Tails OS developers claimed
that the company
has not yet responsibly disclosed the vulnerabilities details to them.
"We were not contacted by Exodus Intel prior to their tweet. In fact, a more irritated version of this text was ready when we finally received an email from them. They informed us that they would provide us with a report within a week."
I know, Tails is considered to be one of the best options for privacy conscious Internet users, but such revelations indicates that no software or operating system offers complete privacy and security to users even if they are developed by keeping anonymity as the first priority
The company also assured its users
to provide some extra features among improving the security of the operating system.
"Being fully aware of this kind of threat, we're continuously working on improving Tails' security in depth. Among other tasks, we're working on a tight integration of AppArmor in Tails, kernel and web browser hardening as well as sandboxing, just to name a few examples." developers said.