Tor browser, which is based on open source Firefox ESR needs to be updated immediately due to zero day exploit. Tor browser is mainly used by the users who don’t want to disclose their identity and visit sites restricted by their respective internet service provider or governments.
Because of this zero day exploit CVE-2016-9079, the real IP address of both sender and receiver can be disclosed whenever Tor browser user tries to connect through secure TCP network connection. This bug is a new one and its main motive is not different, instead of targeting Tor users and attempting to de-anonymize them. To nip this zero day exploit CVE-2016-9079, Tor developers released a security update, which is recommended to install without any delay. After installation, restart is required to implement the changes.
Both Windows and Mac systems are vulnerable to this zero day vulnerability. Incidentally, some of the Tor browser users have claimed to be safe from this vulnerability because they had set the security slider as high. As per the experts of Tor browser team, no exploit has been found in OS X and Linux systems.
Highlights of Zero Day Exploit CVE – 2016-9079
• Known as UAF (Use After Free)
• This bug deals with reading and displaying Scalable Vector Graphics files.
• Capable of collecting the identity (IP and Mac address) of Tor browser users and send it to the central server of attacker.
• Affects Mozilla’s Thunderbird email application and Firefox Extended Support Release version.
• Windows systems have been exploited and Mac OS as well as Linux OS systems are vulnerable to this exploit.
Latest Updates Available
• The latest version 6.0.7 of Tor browser is available that tackle Tor browser vulnerability to zero day exploit CVE-2016-9079. Click here to update your Tor browser.
• Download the updated Firefox ESR version 45.5.1 from here.
• Mozilla’s Thunderbird update version 45.5.1, download from this link.
We recommend you to check the version of your Firefox and Tor browser. If you don’t have the updated versions, then get these updated. The updated version will let you get rid of Tor browser vulnerability.