Tails v6.12: Important Security Fixes

• In a recent external security audit conducted by Radically Open Security, several vulnerabilities were uncovered in the Tails operating system. These findings were responsibly disclosed to the Tails development team for assessment and resolution.

"We are not aware of these attacks being used against Tails users until now. These vulnerabilities can only be exploited by a powerful attacker who has already exploited another vulnerability to take control of an application in Tails," said the project.

What's new

• Prevent an attacker from monitoring Tor circuits. In Tails 6.11 or earlier, an attacker who has taken control of an application could exploit weaknesses in Onion Circuits and the Tor Browser wrapper, potentially leading to deanonymization.
• Prevent an attacker from changing the Persistent Storage settings.
• Add a button to check for upgrades from the About Tails utility.

• Add the keyboard shortcut Ctrl+Alt+T to open a Terminal.
• Update Tor Browser to 14.0.5.
• Update Thunderbird to 128.6.0esr.
• Ensure all Python code keeps running in isolated mode.
• Simplify the troubleshooting instructions when an automatic upgrade fails.
• Avoid freezing the Welcome Screen while activating the Persistent Storage.
• Made time synchronization more reliable when restarting Tor.
• Display an error message when upgrading the encryption of the Persistent Storage to LUKS2 fails.

For more details, see the project's changelog.

The project has removed support for Trezor hardware wallets in Electrum in v6.11 due to incompatibility issues with Debian 12 as it is 'broken and no longer maintained.'

Tails Announcement / Archive
Tor Article / Archive

• Do you want more? Subscribe and get No Bullshit GM report straight to your mailbox and No Bullshit Bitcoin on Nostr.
• Feedback or tips? Drop it here.