A zero-day exploit that has compromised a service accused of aiding the distribution of child abuse images affects Macs as well as Windows.
Websites using service provider Freedom Hosting to post material have had code added to their pages which could help identify the people visiting them.
The service provider uses Tor to deliver web pages, designed to keep online activity anonymous by hiding it through layers of encryption, but the ‘hidden Internet’ has helped people distribute and view child abuse images without consequence.
The malware targeted Mozilla’s Firefox 17, which is used in the Tor browser, and its code was intended to affect Windows users, sending the user’s IP address to a server in the US, widely suspected to be a law enforcement agency.
Tor immediately advised people to stop using Microsoft’s operating system, but now it has been discovered that the malware is actually cross-platform.
Jerome Segura, malware researcher at Malware Bytes, said that the hack also affects Firefox 17 on Apple computers.
He said: "From our tests, code execution only seems to happen on Windows. [But on Macs] the browser crashes, and even if no actual code execution happened, the possibility is not out of this world."
Freedom Hosting’s terms and conditions state that illegal activities are not allowed on the sites it supports, but that it is notresponsible for users’ actions.
The malware has raised fears of unintended consequences, including hackers adding its code to their armoury, as well as organisations using it to identify people using Tor’s ‘hidden internet’ for legitimate purposes.
