Security audit of automatic upgrades and recent changes

In late 2024, Radically Open Security conducted another security audit of critical parts of Tails.

To better protect our users, we addressed the security vulnerabilities as soon as they were discovered and reported to us, without waiting for the audit to be complete and public.

We can now share with you the final report.

The auditors concluded that:

The Tails operating system leaves a strong security impression, addressing most anonymity-related concerns. We did not find any remote code execution vulnerabilities, and all identified issues required a compromised low-privileged amnesia user – the default user in Tails.

Looking back at the previous audit, we can see the Tails developers have made significant progress, demonstrating expertise and a serious commitment to security.

Findings

The auditors did not identify any vulnerability in:

  • The creation of the Persistent Storage with LUKS2, introduced in Tails 5.14 (June 2023)

  • Our security improvements to Thunderbird

  • The random seed feature, introduced in Tails 6.4 (June 2024)

The auditors found 4 issues in:

  • The automatic upgrade mechanism

  • Other important changes since Tails 5.8 (November 2023)

| ID | Impact | Description | Issue | Status | Release |
|---|---|---|---|---|---|
| OTF-001 | High | Local privilege escalation in Tails Upgrader | #20701 | Fixed | 6.11 |
| OTF-002 | High | Arbitrary code execution in Python scripts | #20702 | Fixed | 6.11 |
| | | | #20744 | Fixed | 6.12 |
| OTF-003 | Moderate | Argument injection in privileged GNOME scripts | #20709 | Fixed | 6.11 |
| | | | #20710 | Fixed | 6.11 |
| OTF-004 | Low | Untrusted search path in Tor Browser launcher | #20733 | Fixed | 6.12 |

Postmortem

Our team went further than simply fixing these issues. We conducted a postmortem to understand how we introduced these vulnerabilities in our releases and what we could do to avoid similar vulnerabilities in the future. This analysis led to technical, policy, and culture changes.

This analysis was useful and we'll definitely consider doing postmortems again after future audits. It might also be useful for other projects to understand how we worked on these long-lasting improvements.

Technical improvements

  • Postmortem of OTF-001

    While preparing a major Tails release based on a new version of Debian, for example, Tails 7.0, we will look for Perl code included in Tails that modifies @INC in a dangerous way. (#19627)

    Furthermore, we now automatically check for potentially vulnerable Mite code and fail the build if we find any.

  • Postmortem of OTF-002 (#20719 and !1911)

    Our CI now ensures that all our custom Python software runs in isolated mode.

  • Postmortem of OTF-003 (#20711 and !1979)

    Our sudo configuration is now generated from a higher-level description, which has safer defaults and demands explanations when diverging from them.

  • Postmortem of OTF-004 (#20817 and !2040)

    Our CI now ensures that we don't write software that does unsafe .desktop file lookup.

    We will also periodically audit the configuration of onion-grater, our firewall for the Tor control port. (#20821)
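
The OTF-002 postmortem above says that CI now ensures custom Python software runs in isolated mode. As an added example (not Tails' own CI code), the check below accepts a script only if its shebang passes Python's -I flag, which implies -E and -s and keeps the script's directory out of sys.path. The shebang-based approach, the function names and the sample file names are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

# Constructed sample tree: file name -> first line of the script.
SAMPLE_TREE = {
    "isolated": "#!/usr/bin/python3 -I",
    "clustered": "#!/usr/bin/python3 -IB",
    "env-split": "#!/usr/bin/env -S python3 -I",
    "plain": "#!/usr/bin/python3",
    "partial": "#!/usr/bin/python3 -Es",   # -E and -s alone are not -I
    "env-plain": "#!/usr/bin/env python3",
    "shell": "#!/bin/sh",                   # not Python: ignored
}

def interpreter_flags(first_line: str) -> tuple[bool, bool]:
    """Return (is_python_script, runs_isolated) for a script's first line."""
    if not first_line.startswith("#!"):
        return False, False
    tokens = first_line[2:].split()
    # Skip `env` and its own options, e.g. `#!/usr/bin/env -S python3 -I`.
    if tokens and Path(tokens[0]).name == "env":
        tokens = tokens[1:]
        while tokens and tokens[0].startswith("-"):
            tokens = tokens[1:]
    if not tokens or not re.fullmatch(r"python[\d.]*", Path(tokens[0]).name):
        return False, False
    isolated = False
    for arg in tokens[1:]:
        if not arg.startswith("-") or arg.startswith("--"):
            break  # script name, option value or long option: stop (fails closed)
        for flag in arg[1:]:
            if flag in "WXcm":
                break  # these options take a value; the rest is not flags
            if flag == "I":
                isolated = True
    return True, isolated

def find_non_isolated(root: str) -> list[str]:
    """List Python scripts under root whose shebang lacks -I."""
    offenders = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        head = path.read_bytes()[:256].decode("utf-8", "replace")
        is_python, isolated = interpreter_flags(head.split("\n", 1)[0])
        if is_python and not isolated:
            offenders.append(path.relative_to(root).as_posix())
    return offenders

def demo() -> list[str]:
    # Materialise the constructed sample tree in a temp dir and scan it.
    with tempfile.TemporaryDirectory() as root:
        for name, shebang in SAMPLE_TREE.items():
            Path(root, name).write_text(shebang + "\nprint('hello')\n")
        return find_non_isolated(root)

if __name__ == "__main__":
    bad = demo()
    print("\n".join(f"not isolated: {name}" for name in bad))
    raise SystemExit(1 if bad else 0)  # non-zero exit fails the CI job
```

A shebang that places -I after a separate option value (for example `-W ignore -I`) is reported as not isolated, so the check errs toward failing the build.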

Policy and culture improvements

  • During the audit, we noticed that we lacked a policy about when we should make confidential security issues public.

    This was problematic because:

    • We have sometimes been too secretive.

      As a temporary measure, this protected our users by erring on the safe side. But, without a disclosure process, we were not meeting our own standards for transparency and openness to third-party reviews.

    • Different team members were working with different assumptions, which caused communication issues.

    To have better guidelines for confidentiality and disclosure, we created our security issue response policy, based on the policy of the Tor Project's Network Team.

  • We will be more intentional about when it's worth the effort and risk to do large code refactoring.

    While refactoring is necessary for a healthy software development process, this postmortem showed that large refactoring can also introduce security vulnerabilities.

  • When changing security-sensitive code, such as our sudo configuration or any code that elevates privileges, we now require an extra review focused on security.

  • We will communicate about security issues more broadly within our team when we discover them so that every team member can learn along the way.

Fighting against a nuclear project in France

Robin is an activist fighting against a nuclear project in France. He has been using Tails as his default operating system for all his activism for 5 years, creating a clear separation between his activism (using Tails) and personal life (using encrypted Debian).

At his place, many nomadic activists use Tails USB sticks instead of having personal computers, allowing them to maintain privacy while using shared devices.

After facing repression, encrypting all their data became a baseline practice in his group. He prefers training others on Tails because it's easier to implement than teaching full computer encryption.

Because Tails is easy to share, even people with low technical abilities are able to use it. For the security of a group, what matters is the lowest security level within that group.

Read our full interview with Robin.

Tails 6.15

Changes and updates

  • Update Tor Browser to 14.5.1.

  • Update the Linux kernel to 6.1.135.

Fixed problems

  • Make sure Tails cannot store data in UEFI variables or ACPI tables when crashing. (#20813)

  • Fix the appearance of the GRUB Boot Loader with Secure Boot. (#20899)

For more details, read our changelog.

Known issues

  • Remove firmware for the Wi-Fi interfaces based on the BCM4301 and BCM4306 chips. (#20887)

    We believe that these interfaces are only available on computers that are too old to start Tails. Please let us know if your Wi-Fi stopped working in Tails 6.15.

  • The Unsafe Browser appears in the window list bar with the Tor Browser icon. (#20934)

  • Additional software may initially fail to install the first time you start Tails after upgrading. This should be fixed shortly after you connect to Tor.

  • Connecting to the Internet with USB tethering is broken with some phones. (#20940)

Get Tails 6.15

To upgrade your Tails USB stick and keep your Persistent Storage

  • Automatic upgrades are available from Tails 6.0 or later to 6.15.

  • If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, try to do a manual upgrade.

To install Tails 6.15 on a new USB stick

Follow our installation instructions:

The Persistent Storage on the USB stick will be lost if you install instead of upgrading.

To download only

If you don't need installation or upgrade instructions, you can download Tails 6.15 directly:

Tails 6.14.2

This release is an emergency release to fix security vulnerabilities in the Linux kernel and the implementation of the Perl programming language.

Changes and updates

For more details, read our changelog.

Get Tails 6.14.2

To upgrade your Tails USB stick and keep your Persistent Storage

  • Automatic upgrades are available from Tails 6.0 or later to 6.14.2.

  • If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, try to do a manual upgrade.

To install Tails 6.14.2 on a new USB stick

Follow our installation instructions:

The Persistent Storage on the USB stick will be lost if you install instead of upgrading.

To download only

If you don't need installation or upgrade instructions, you can download Tails 6.14.2 directly:

Tails 6.14.1

Today, we are releasing 6.14.1 instead of 6.14 because we discovered an important issue while testing 6.14 on Tuesday and had to start the release process again to fix it.

New features

More flexible confinement of Tor Browser

We improved the confinement technology that we use to protect your files from possible security vulnerabilities in Tor Browser.

Until now, Tor Browser could only save downloads to and read files from a limited number of folders.

With Tails 6.14.1, you can safely access any folder in your Home folder or Persistent Storage from Tor Browser.

This new integration also solves other usability and accessibility issues:

  • The Large Text accessibility feature works in Tor Browser. (#19266)

  • The Cursor Size accessibility feature works in Tor Browser. (#19572)

  • The minimize and maximize buttons are available again in the title bar. (#19328)

These improvements rely on 2 security technologies: the flexibility of the new XDG Desktop Portals of Flatpak allowed us to relax the AppArmor confinement, improving usability without compromising on security.

Changes and updates

  • Update Tor Browser to 14.0.9.

  • Update the Tor client to 0.4.8.16.

Fixed problems

  • Fix the Welcome Screen freezing after unlocking the Persistent Storage. (#20783)

  • Add a clearer border to the Kleopatra window when on white background. (#20861)

  • Fix the error when closing the check for upgrades from About Tails. (#20861)

For more details, read our changelog.

Get Tails 6.14.1

To upgrade your Tails USB stick and keep your Persistent Storage

  • Automatic upgrades are available from Tails 6.0 or later to 6.14.1.

  • If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, try to do a manual upgrade.

To install Tails 6.14.1 on a new USB stick

Follow our installation instructions:

The Persistent Storage on the USB stick will be lost if you install instead of upgrading.

To download only

If you don't need installation or upgrade instructions, you can download Tails 6.14.1 directly:

Tails 6.13

New features

Detection of problems with Wi-Fi hardware

Unfortunately, problems with Wi-Fi are quite common in Tails and in Linux in general.

To help troubleshoot hardware compatibility problems with Wi-Fi interfaces, the Tor Connection assistant now reports when no Wi-Fi hardware is detected.

Warning in Tor Connection: No Wi-Fi hardware detected

Changes and updates

  • Update Tor Browser to 14.0.7.

  • Update the Tor client to 0.4.8.14.

Fixed problems

  • Detect partitioning errors also when Tails is started for the first time. (#20797)

    This fixes some failures when creating the Persistent Storage on a new Tails USB stick.

  • Fix the Configure and Show Log buttons in the notification when the installation of additional software fails. (#20781)

    Notification: The installation of your additional software failed

For more details, read our changelog.

Get Tails 6.13

To upgrade your Tails USB stick and keep your Persistent Storage

  • Automatic upgrades are available from Tails 6.0 or later to 6.13.

  • If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, try to do a manual upgrade.

To install Tails 6.13 on a new USB stick

Follow our installation instructions:

The Persistent Storage on the USB stick will be lost if you install instead of upgrading.

To download only

If you don't need installation or upgrade instructions, you can download Tails 6.13 directly:

Replacing balenaEtcher with Rufus as the installer for Windows

We replaced balenaEtcher with Rufus in our installation instructions for Windows to solve privacy concerns with balenaEtcher.

Since January 2019, we had been recommending balenaEtcher to install Tails from Windows and macOS. We loved the simplicity of balenaEtcher, which was really easier to use and worked on macOS as well.

Shortly after, balenaEtcher started displaying ads. Although we didn't like that, we initially didn't view it as a significant privacy risk and had no better alternative at the time.

However, in 2024, the situation changed: balenaEtcher started sharing the file name of the image and the model of the USB stick with the Balena company and possibly with third parties. While we have not experienced or heard of any attacks against Tails users stemming from this change, we believe it introduces potential for abuse. To eliminate that risk altogether, we started looking again for alternatives.

After evaluating 7 other tools, we finally chose Rufus. We had tested Rufus many years ago, even before recommending balenaEtcher, but it was much harder to use and modified the Tails image in ways that were risky.

Congratulations to Akeo Consulting, the company behind Rufus, for really improving the usability and reliability of their tool!

We have not yet replaced balenaEtcher in our installation instructions for macOS because Rufus doesn't work on macOS. Also, as Tails doesn't work on Apple M1 and M2 processors, people who install Tails from macOS represent less than 10% of installations nowadays.

Still, we recommend 2 alternatives for macOS: installing Tails using dd on the command line or using Raspberry Pi Imager.

Tails 6.12

Important security fixes

The vulnerabilities described below were identified during an external security audit by Radically Open Security and disclosed responsibly to our team. So far, we are not aware of these attacks being used against Tails users.

These vulnerabilities can only be exploited by a powerful attacker who has already exploited another vulnerability to take control of an application in Tails.

  • Prevent an attacker from monitoring Tor circuits. (#20733 and #20744)

    In Tails 6.11 or earlier, an attacker who has already taken control of an application in Tails could then exploit vulnerabilities in Onion Circuits and our Tor Browser wrapper that might lead to deanonymization.

  • Prevent an attacker from changing the Persistent Storage settings. (#20745)

Changes and updates

  • Add a button to check for upgrades from the About Tails utility.

  • Add the keyboard shortcut Ctrl+Alt+T to open a Terminal.

  • Update Tor Browser to 14.0.5.

  • Update Thunderbird to 128.6.0esr.

Fixed problems

  • Ensure all our Python code keeps running in isolated mode. (#20719)

  • Simplify the troubleshooting instructions when an automatic upgrade fails. (#20466)

  • Avoid freezing the Welcome Screen while activating the Persistent Storage. (#20635)

  • Make time synchronization more reliable when restarting Tor. (#20530)

  • Display an error message when upgrading the encryption of the Persistent Storage to LUKS2 fails. (#20634)

For more details, read our changelog.

Known issues

  • When installing additional software from your Persistent Storage fails, the Configure and Show Log buttons in the notification don't work.

    Notification: The installation of your additional software failed

    • To configure your additional software, choose Applications ▸ Persistent Storage and click on the button of the Additional Software feature.

    • To show the log, execute the following command in a Terminal.

      cat /run/live-additional-software/log

Get Tails 6.12

To upgrade your Tails USB stick and keep your Persistent Storage

  • Automatic upgrades are available from Tails 6.0 or later to 6.12.

  • If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, try to do a manual upgrade.

To install Tails 6.12 on a new USB stick

Follow our installation instructions:

The Persistent Storage on the USB stick will be lost if you install instead of upgrading.

To download only

If you don't need installation or upgrade instructions, you can download Tails 6.12 directly:

Tails 6.11

Critical security fixes

The vulnerabilities described below were identified during an external security audit by Radically Open Security and disclosed responsibly to our team. So far, we are not aware of these attacks being used against Tails users.

These vulnerabilities can only be exploited by a powerful attacker who has already exploited another vulnerability to take control of an application in Tails.

If you want to be extra careful and used Tails a lot since January 9 without upgrading, we recommend that you do a manual upgrade instead of an automatic upgrade.

  • Prevent an attacker from installing malicious software permanently. (#20701)

    In Tails 6.10 or earlier, an attacker who has already taken control of an application in Tails could then exploit a vulnerability in Tails Upgrader to install a malicious upgrade and permanently take control of your Tails.

    Doing a manual upgrade would erase such malicious software.

  • Prevent an attacker from monitoring online activity. (#20709 and #20702)

    In Tails 6.10 or earlier, an attacker who has already taken control of an application in Tails could then exploit vulnerabilities in other applications that might lead to deanonymization or the monitoring of browsing activity:

    • In Onion Circuits, to get information about Tor circuits and close them.
    • In Unsafe Browser, to connect to the Internet without going through Tor.
    • In Tor Browser, to monitor your browsing activity.
    • In Tor Connection, to reconfigure or block your connection to the Tor network.
  • Prevent an attacker from changing the Persistent Storage settings. (#20710)

New features

Detection of partitioning errors

Sometimes, the partitions on a Tails USB stick get corrupted. This creates errors with the Persistent Storage or during upgrades. Partitions can get corrupted because of broken or counterfeit hardware, software errors, or physically removing the USB stick while Tails is running.

Tails now warns about such partitioning errors earlier. For example, if partitioning errors are detected when there is no Persistent Storage, Tails recommends that you reinstall or use a new USB stick.

Warning in the Welcome Screen: Errors were detected in the partitioning of your Tails USB stick.

Changes and updates

  • Update Tor Browser to 14.0.4.

  • Update Thunderbird to 128.5.0esr.

  • Remove support for hardware wallets in Electrum. Trezor wallets stopped working in Debian 12 (Bookworm), and so in Tails 6.0 or later.

  • Disable GNOME Text Editor from reopening on the last file. (#20704)

  • Add a link to the Tor Connection assistant from the menu of the Tor status icon on the desktop.

  • Make it easier for our team to find useful information in WhisperBack reports.

For more details, read our changelog.

Get Tails 6.11

To upgrade your Tails USB stick and keep your Persistent Storage

  • Automatic upgrades are available from Tails 6.0 or later to 6.11.

  • If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, try to do a manual upgrade.

To install Tails 6.11 on a new USB stick

Follow our installation instructions:

The Persistent Storage on the USB stick will be lost if you install instead of upgrading.

To download only

If you don't need installation or upgrade instructions, you can download Tails 6.11 directly:

Tails 6.10

Changes and updates

  • Update Tor Browser to 14.0.3.

  • Update Thunderbird from 115.16.0 to 128.4.3.

Fixed problems

  • Fix support for Trezor hardware wallets in Electrum. (#20138)

  • Fix an issue that prevented the Tails desktop from opening with less memory. (#20631)

  • Disable saving telemetry data in Thunderbird. (#20661)

For more details, read our changelog.

Get Tails 6.10

To upgrade your Tails USB stick and keep your Persistent Storage

  • Automatic upgrades are available from Tails 6.0 or later to 6.10.

  • If you cannot do an automatic upgrade or if Tails fails to start after an automatic upgrade, try to do a manual upgrade.

To install Tails 6.10 on a new USB stick

Follow our installation instructions:

The Persistent Storage on the USB stick will be lost if you install instead of upgrading.

To download only

If you don't need installation or upgrade instructions, you can download Tails 6.10 directly: