Tails Linux 6.11 Released: Critical Security Fixes
An Anonymous Coward writes:
https://tails.net/news/version_6.11/index.en.html
https://gitlab.tails.boum.org/tails/tails/-/blob/master/debian/changelog
The vulnerabilities described below were identified during an external security audit by Radically Open Security and disclosed responsibly to our team. We are not aware of these attacks being used against Tails users until now. [Editor's Comment: I believe they mean 'up to now' or 'so far'.]
These vulnerabilities can only be exploited by a powerful attacker who has already exploited another vulnerability to take control of an application in Tails.
If you want to be extra careful and used Tails a lot since January 9 without upgrading, we recommend that you do a manual upgrade instead of an automatic upgrade.
Prevent an attacker from installing malicious software permanently. (#20701)
In Tails 6.10 or earlier, an attacker who has already taken control of an application in Tails could then exploit a vulnerability in Tails Upgrader to install a malicious upgrade and permanently take control of your Tails.
Doing a manual upgrade would erase such malicious software.
Prevent an attacker from monitoring online activity. (#20709 and #20702)
In Tails 6.10 or earlier, an attacker who has already taken control of an application in Tails could then exploit vulnerabilities in other applications that might lead to deanonymization or the monitoring of browsing activity:
In Onion Circuits, to get information about Tor circuits and close them.
In Unsafe Browser, to connect to the Internet without going through Tor.
In Tor Browser, to monitor your browsing activity.
In Tor Connection, to reconfigure or block your connection to the Tor network.
Prevent an attacker from changing the Persistent Storage settings. (#20710)
Also, Tails still doesn't FULLY randomize the MAC address; so much for anonymity.