"To be clear, while the Firefox vulnerability is cross-platform, the attack code is Windows-specific. It appears that TBB users on Linux and OS X, as well as users of LiveCD systems like Tails, were not exploited by this attack," he pointed out, and added that "it's reasonable to conclude that the attacker now has a list of vulnerable Tor users who visited those hidden services."
"Consider switching to a 'live system' approach like Tails. Really, switching away from Windows is probably a good security move for many reasons," he advises. "Be sure to keep up-to-date in the future. Tor Browser Bundle automatically checks whether it's out of date, and notifies you on its homepage when you need to upgrade. Recent versions also add a flashing exclamation point over the Tor onion icon."
Bitdefender added detection against the Tor Browser Bundle exploit to its products.
"As the exploit is, we judge the probability of it being used in other attacks by other actors as high. So far, a handful of installed Bitdefender instances in France and the Dominican Republic have reported detection of the exploit," they shared.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.