People who use The Onion Router or TOR, specifically on Linux or Mac [not on Windows], should update the browser immediately because if they don’t they are at risk of losing the anonymity.
The flaw, discovered by Italian security researcher Filippo Cavallarin and is dubbed as TorMoil, leaks users’ real IP addresses to potential attackers when they visit certain types of web pages.
TorMoil is triggered when the browser opts for its traditional methods i.e. file:// instead of using the HTTPS or HTTP protocol. This process takes place because the Tor browser tries to create a direct connection with the URL being entered. This results in the server revealing the real IP address of the visitor.
Cavallarin, CEO of the security firm We Are Segment, privately reported the security vulnerability to Tor developers on October 26, and the Tor developers have rolled out an emergency update Tor version 7.0.8.
At the moment, the update does not fix the flaw entirely. Instead, it stops the users from going to the malicious links. But the Tor developers say if someone wants to visit the forbidden link, they can simply drag and drop the link in the new tab.
Experts are not sure if this is the flaw being used by the FBI to scan the deep web for users or whether this vulnerability has ever been used by hackers. Even though this vulnerability does not give out access to the user’s system, if anyone has the real IP it is only a matter of time when the malicious mind will get to work.