The Amnesic Incognito Live System (Tails) has released version 6.11, addressing critical security vulnerabilities uncovered during an external audit by Radically Open Security. These vulnerabilities, though requiring an attacker to first compromise an application within Tails, could have led to serious breaches of privacy and security.
“These vulnerabilities can only be exploited by a powerful attacker who has already exploited another vulnerability to take control of an application in Tails,” the Tails team acknowledged in their release statement. However, they were quick to reassure users that they are “not aware of these attacks being used against Tails users until now.”
Among the key fixes in Tails 6.11 are:
- Prevention of malicious software installation: A vulnerability in the Tails Upgrader, which could have allowed attackers to install persistent malware, has been patched. “In Tails 6.10 or earlier, an attacker who has already taken control of an application in Tails could then exploit a vulnerability in Tails Upgrader to install a malicious upgrade and permanently take control of your Tails,” the team explained.
- Enhanced protection against online monitoring: Several vulnerabilities that could have allowed attackers to monitor online activity, potentially leading to deanonymization, have been addressed. These vulnerabilities affected applications like Onion Circuits, Unsafe Browser, Tor Browser, and Tor Connection.
- Securing Persistent Storage settings: A vulnerability that could have allowed attackers to manipulate Persistent Storage settings has been fixed.
In addition to these critical security fixes, Tails 6.11 introduces a new feature to detect partitioning errors, which can cause issues with Persistent Storage and upgrades. The update also includes updates to Tor Browser (14.0.4) and Thunderbird (128.5.0esr), while removing support for hardware wallets in Electrum.
Users are strongly encouraged to upgrade to Tails 6.11 as soon as possible. The Tails team recommends a manual upgrade for those who have used Tails extensively since January 9th and want to be extra cautious. This ensures any potential malicious software is erased during the upgrade process.
