Ars Technica: Critical Tor flaw leaks users’ real IP address—update now

Ars Technica: Critical Tor flaw leaks users’ real IP address—update now. “Mac and Linux versions of the Tor anonymity browser just received a temporary fix for a critical vulnerability that leaks users’ IP addresses when they visit certain types of addresses. TorMoil, as the flaw has been dubbed by its discoverer, is triggered when users click on links that begin with file:// rather than the more common https:// and http:// address prefixes. When the Tor browser for macOS and Linux is in the process of opening such an address, ‘the operating system may directly connect to the remote host, bypassing Tor Browser,’ according to a brief blog post published Tuesday by We Are Segment, the security firm that privately reported the bug to Tor developers.”