The critical zero-day vulnerabilities in the Tails operating system recently disclosed by Exodus Intelligence lie in the I2P software that is bundled with the operating system. The company has also released further details and a video demonstrating an active exploit against the flaws.

I2P is an anonymity network, somewhat similar in architecture to Tor, that encrypts end to end all communications routed through I2P nodes, while enabling private and anonymous use of the Internet and various resources including email, instant messaging, and web browsing. I2P is a packet-switched network, rather than a circuit-switched network like Tor, and communications over the network are message-based. The I2P architecture is designed to treat each node with identical importance to all other nodes, meaning there are no central servers routing the traffic.

Exodus Intelligence researchers stated that the vulnerabilities were present in a number of Tails versions, including the newest release, Tails 1.1.

“The vulnerability we will be disclosing is specific to I2P. I2P currently boasts about 30,000 active peers. Since I2P has been bundled with Tails since version 0.7, Tails is by far the most widely adopted I2P usage. The I2P vulnerability works on default, fully patched installation of Tails. No settings or configurations need to be changed for the exploit to work,” the Exodus team wrote in a blog post explaining the vulnerabilities.

Exodus researchers disclosed the vulnerabilities to the Tails developers on Wednesday, shortly before publishing their outline of the flaws. A number of security researchers criticized Exodus Intelligence for not disclosing the zero-day vulnerabilities to the Tails developers earlier. Tails' newest release, 1.1, came out Tuesday, and Exodus tweeted Monday that the operating system was still vulnerable to remote code execution.

Exodus is known for selling vulnerabilities it uncovers in a number of products to clients, which include United States agencies and DARPA. Aaron Portnoy, co-founder and vice president of Exodus Intelligence, told Threatpost that the company was never selling the Tails vulnerabilities and was only interested in bringing attention to the fact that no software should be considered secure, even tools recommended by Edward Snowden, such as Tails.