Tails 6.12 Enhances Security by Closing Vulnerabilities

The latest version of the privacy-focused Linux distribution, Tails 6.12, has been released, addressing critical security vulnerabilities that previously allowed potential attackers to deanonymize users. This update is crucial for individuals who rely on Tails for anonymous browsing and secure communications.

According to the Tails development team, the discovered vulnerabilities permitted attackers to monitor Tor circuits. In order to exploit these weaknesses, an attacker would first need to gain control over an application running within Tails. Once they have access, they could leverage flaws in both the 'Onion Circuits' and the 'Tor Browser' wrapper to potentially deanonymize users. Additionally, another vulnerability was identified that allowed attackers to alter the settings of the persistent storage.

The security flaws were uncovered during an audit conducted by Radically Open Security. The release of Tails 6.12 and subsequent versions rectifies these issues, providing users with enhanced protection. Alongside the security enhancements, this update introduces several new features, including a button in the 'About Tails' dialog for checking for upgrades.

Users will also benefit from improved functionality, such as the ability to open a terminal window directly with the keyboard shortcut 'Ctrl' + 'Alt' + 'T'. The default Tor Browser has been updated to version 14.0.5, and the Thunderbird email client has been upgraded to version 128.6.0esr. Furthermore, Python code now operates entirely in an isolated mode, which enhances security. The welcome screen no longer freezes when the persistent storage feature is activated, and time synchronization during the startup of Tor has been made more reliable. In cases where the encryption upgrade of persistent storage to LUKS2 fails, Tails now displays an error message to inform the user.

However, some issues persist. For instance, when errors occur during the installation of additional software from persistent storage, the 'Configure' and 'Show Log' buttons may not function properly.

The updated Tails operating system, designed for portability, is available for download from the Tails website. Users can install it on USB sticks or create an ISO image for burning onto DVDs.

This recent update follows the previous release of Tails 6.11 in January, which also addressed significant security vulnerabilities. In that version, a potential attack vector was identified where attackers could have used the integrated updater to inject malicious upgrades, gaining permanent control over vulnerable Tails systems.