Tails 7.9.1 Is Out: Patch the DirtyClone Kernel Flaw and Update Tor Browser Now
If you run Tails (The Amnesic Incognito Live System) for anonymous browsing and communications, you should take notice of the latest release. Tails 7.9.1 was published on July 1, 2026, and it addresses a serious kernel vulnerability known as DirtyClone, along with refreshing Tor Browser to its latest stable version. This update is important for maintaining the privacy and security guarantees that Tails aims to provide.
What Happened
The Tails project released version 7.9.1 to fix a local privilege escalation flaw in the Linux kernel that affects all Tails users. The vulnerability, dubbed DirtyClone, allows an attacker who already has limited local access to the system to escalate privileges to root. In the context of Tails, this could potentially compromise the entire operating environment — including persistent storage, encryption keys, and any active sessions.
Alongside the kernel fix, Tails 7.9.1 ships with an updated Tor Browser based on Firefox Extended Support Release (ESR), which includes the latest security patches and anonymity improvements from the Tor Project.
Why It Matters for Tails Users
DirtyClone is not a remote exploit; it requires local access to the machine. However, for a privacy-focused operating system like Tails, the consequences of a successful local privilege escalation are significant. Consider scenarios where an attacker gains physical access to a running Tails session (e.g., at a public workstation or while traveling) or where malicious software slips through via a compromised persistent storage partition or a corrupted file opened within Tails.
Because Tails runs entirely from RAM and is designed to leave no trace on the host computer, users often place a great deal of trust in the integrity of the live environment. A kernel-level exploit could defeat those protections, allowing persistent changes or data theft that defeats the very purpose of using Tails.
The Tor Browser update is equally critical. Tor Browser is the primary tool for anonymous web browsing within Tails. Updating to the latest ESR version ensures that known vulnerabilities in the browser are patched, reducing the chance of deanonymization through browser exploits.
What Readers Can Do
Update Your Tails Installation
The safest and easiest way to update is through the built-in automatic updater.
- If you are already running Tails 7.9 or 7.8: Connect to the internet and open the Tails Updater from the menu (System → Tails Updater). Follow the on-screen prompts to upgrade. A reboot will be required.
- If you are running an older version or prefer a manual installation: Download the ISO image of Tails 7.9.1 from the official Tails website and create a new bootable USB drive using Etcher, the built-in Tails Installer, or another trusted tool. Restart from the new USB. Then, if you use persistent storage, re-enable it after the first boot — your data will remain intact as long as you select the same persistent partition during installation.
Verify Your Current Version
To check which version you currently have, open a terminal in Tails and run:
tails-version
It should display 7.9.1 after the update.
Additional Security Best Practices
- Keep automatic updates enabled in Tails settings. This ensures you receive future security patches promptly.
- Use strong passphrases for persistent storage and any encrypted volumes you create within Tails.
- Avoid installing additional software unless absolutely necessary. Tails is designed to work with its bundled applications; adding more packages increases the attack surface.
- Be mindful of physical security. Do not leave a running Tails session unattended, especially in public or shared spaces.
- If you suspect your system has been compromised, shut down immediately and create a fresh Tails USB from a trusted source.
Sources
The information in this article is based on the official Tails release announcement and the original reporting by Linuxiac. For the complete list of changes in Tails 7.9.1, refer to the Tails changelog (https://tails.net/news/version_7.9.1/index.en.html) and the Linuxiac article that initially reported the update.