Tails recently released version 6.11, which contains fixes for a number of critical security vulnerabilities. These vulnerabilities would require an attacker to have first gained access to the system remotely (which is not currently known to be possible), and the Tails team is not aware of any of these vulnerabilities actively being used in the wild.

We strongly recommend out of an abundance of caution, however, that you upgrade the Admin Workstation and Journalist Workstation to Tails 6.11 at your earliest convenience. The Secure Viewing Station does not need to be updated in response to this advisory, since it is always kept offline.

The next time you establish a connection to Tor from within Tails, you will be prompted to upgrade to version 6.11 automatically. This process takes around 30 minutes, depending on the speed of the Tor connection.

If you do not receive this prompt when you are connected to Tor, or if you would like to perform an even more secure manual upgrade, you can find the steps for doing so here.

Please note that the SecureDrop Workstation is not affected, as it does not use Tails and has automatic updates.

Questions and comments

If you have questions or comments regarding this release, please contact us:

• Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request)
• Via securedrop@freedom.press (PGP encrypted) for sensitive security issues (please use judiciously)
• Via a report to Bugcrowd

We also encourage you to file nonsensitive issues you encounter in our GitHub repository (issue report form).

Thank you for using SecureDrop!