Motherboard reports that Facebook hired a cybersecurity firm to develop a zero-day exploit for the video player in Tails (The Amnesic Incognito Live System). Facebook provided this exploit to the FBI to aid in the apprehension of a predator using Facebook to harass victims. This exploit was not disclosed to the Tails developers.
Also covered by Gizmodo, as seen on Schneier's blog.
[Ed Note - The zero day was provided to the FBI via a third party, not directly from Facebook.]
(Score: 2, Interesting) by Anonymous Coward on Tuesday June 16 2020, @12:46AM
Doesn't Tails run apps under AppArmor and Firejail sandboxes? A compromised browser or video player should not be able to discover the real networking information of the physical machine, or make direct outbound connections. They must have additionally used kernel-level exploits to break out of the sandbox, if I'm not mistaken.