ProtonVPN and NordVPN reinforce incomplete patch for code execution bug September 7, 2018 https://www.scmagazine.com/home/new...orce-incomplete-patch-for-code-execution-bug/
Very interesting. I somehow doubt that this is coincidence. Maybe just shared resources, as discussed elsewhere. Or
VerSprite's Github page mentioned in Talos' site describes many vulns in various VPN apps both on Windows & Mac, as well as the vendor's response time line. It can be very valuable source to evaluate these vendor's seriousness about security, as long as you take each vuln's detail (e.g. is it acceptable or silly?) into account.
Cool! It's https://github.com/VerSprite/research Lots of fail to go around, there I see nothing for AirVPN, IVPN, Mullvad or PIA, however
Oops I was just searching filenames Anything else juicy buried in those cryptically named files? Edit: OK, from Google searches "private site:https://github.com/VerSprite/" => hits " airvpn site:https://github.com/VerSprite/" => no hits " boleh site:https://github.com/VerSprite/" => no hits " ivpn site:https://github.com/VerSprite/" => no hits " mullvad site:https://github.com/VerSprite/" => no hits So hey
Having vulns is not necessarily bad. But if you looked the page closer, you'll find some vendors repeatedly failed to fix the vuln or don't accept it as vuln. I think PIA's attitude is in a better side.