Major security flaws found in top VPN services
Major security flaws have been found in some of the most popular VPN services on the market today.
Researchers at Cisco Talos uncovered two vulnerabilities in the NordVPN and ProtonVPN services that could have allowed hackers to hijack a user's machine.
The flaws took advantage of a design issue in both clients: the creation of a new OpenVPN command line could allow attackers to execute arbitrary code on Windows machines without needing authorisation, putting users' machines at risk.
VPN security
The flaws, which were named CVE-2018-3952 and CVE-2018-4010, were similar to one found earlier this year by VerSprite. Both vendors had patched that earlier flaw, but the Talos team were able to circumvent these fixes.
The patches were initially released in April. NordVPN issued a second patch last month, and ProtonVPN released a fix earlier this month.
"Later versions of ProtonVPN have resolved this issue and users have been automatically prompted to update," a ProtonVPN spokesperson told ZDNet. "We have not seen any evidence of this being exploited in the wild, as a user's computer needs to first be compromised by a hacker before this bug can be exploited."
The Talos team advised all ProtonVPN and NordVPN users to patch their services as soon as possible to avoid any potential risk.
VIA: ZDNet