ExpressVPN mentioned in an announcement that Cure53 and F-Safe examined its macOS, Linux and Home windows desktop apps by white-box penetration assessments and supply code audits from June to August 2022 and didn’t discover too many flaws.
ExpressVPN on Wednesday (November 9) introduced that it validated the safety posture of its macOS, Linux, and Home windows desktop apps by three new unbiased audits by revered cybersecurity corporations, Cure53 and F-Safe.
ExpressVPN mentioned in an announcement that Cure53 examined each its macOS and Linux desktop apps by white-box penetration assessments and supply code audits from June to August 2022.
“They discovered a low quantity of points in our macOS app, uncovering solely two safety vulnerabilities and 4 informational weaknesses with low exploitation potential. We rapidly addressed all related findings, with Cure53 reviewing the fixes to make sure no further weaknesses had been launched,” it added.
“In conclusion, this evaluation of the most recent ExpressVPN software for macOS iteration leaves an exceptionally stable impression with reference to safety,” writes Cure53 of their report.
“All in all, the ExpressVPN group deserves excessive reward for its efforts to offer an exceptionally safe macOS shopper. Only some minor hardening enhancements are required to raise the platform’s safety posture to an exemplary stage.”
Equally, the audit of its Linux app returned a brief checklist of safety points, based on the corporate. Out of the 5 discoveries, there have been two safety vulnerabilities and three basic weaknesses with decrease exploitation potential, all of which have since been reviewed by ExpressVPN’s inner group. “Absence of findings past a Medium rank is one more robust constructive indicator of the situation of the safety premise on the ExpressVPN Linux targets,” notes Cure53.
F-Safe performed a safety audit on the Home windows app (v12) from February 2022 to March 2022. The audit assessed two essential options of the app:
“We’re happy to share that F-Safe didn’t discover any important weaknesses. F-Safe’s unbiased auditors discovered just one informational subject in our Home windows v12 app, which was not exploitable. The problem has already been mounted, which F-Safe confirmed in a retest in April 2022,” ExpressVPN mentioned.
No important, excessive, medium or minor points appear to have been discovered. F-Safe concluded: “It was not attainable to achieve details about ExpressVPN’s shoppers or out-of-the-network site visitors. Nor was it attainable to execute code remotely by assaults equivalent to Man-in-the-Center (MitM), TLS downgrading, or packet injection.”
(Edited by : Shoma Bhattacharjee)
