Tails Linux OS Version 4.8 Released; Unsafe Browser disabled and updates TOR Browser 9.5.1, Thunderbird 68.9.0, and Linux kernel 5.6.0
Considered to be one of the most secure and anonymity-guaranteed Linux Distros, the Tails OS has been in the news recently when Facebook managed to hack into it using a zero-day in the default video player. Facebook reportedly paid a six-figure amount to a third-party software firm to exploit the zero-day in Tails OS to identify a serial child-sex offender for FBI.
Today Tails OS released its updated version 4.8 based on Linux Kernel 5.6.0 and having all-new TOR Browser v9.5.1. It also added the latest version of Firefox emailing software, Thunderbird 68.9.0. However, the release notes or changelogs don’t mention anything about the zero-day exploited by Facebook and the FBI. The changelog doesn’t mention whether the Tails OS dev team was able to fix the zero-day in the default video player.
What’s new with Tails OS v4.8?
The most notable change in Tails OS v4.8 is that it has been upgraded to Linux Kernel 5.6.0. The Tails OS 4.8 changelog mentions fixes to following vulnerabilities:
- Tor Browser: MFSA to be announced
- Thunderbird: Mozilla Foundation Security Advisory 2020-22
- Linux: CVE-2020-13974, CVE-2020-10766, CVE-2020-10767, CVE-2020-10768, CVE-2019-19462, CVE-2020-10732, CVE-2020-10757, CVE-2020-0543, CVE-2020-12464, CVE-2020-12770, CVE-2020-10711, CVE-2020-13143, CVE-2020-12655, CVE-2020-11884
- libgnutls30: Debian Security Advisory 4697
- intel-microcode: Debian Security Advisory 4701
Another notable change is Unsafe Browser has been disabled by default in Tails version 4.8. The Tails OS dev team said that Unsafe Browser could be used for deanonymizing users by governments and other authorities. The team added that the Unsafe Browser could be used with other security flaws in the apps running on the OS to reveal the user’s IP address.
An attacker could exploit a security vulnerability in Thunderbird by sending you a phishing email that could start an invisible Unsafe Browser and reveal them your IP address. Such an attack is very unlikely but could be performed by a strong attacker, such as a government or a hacking firm.
Tails OS dev team
Tails team said that Unsafe Browser can reveal your IP even if the app isn’t running, and this is the reason the app has been disabled by default.
You can download the Tails OS version 4.8 for your operating system from below links :Tails OS v4.8 Windows version Tails OS v4.8 Apple macOS version Tails OS v4.8 Linux version