atlasVPN
atlasVPN

Features

Pricing

VPN apps

Use cases

Blog

Help

Log in

Atlas VPN Windows application is safe from the privilege escalation vulnerability

Ruth C. | June 22, 2022

In May, the Israel National Cyber Directorate informed us about the privilege escalation vulnerability that was discovered on our Windows application. At the time, we were already conducting an internal penetration testing during which we identified the said vulnerability. It helped us act immediately and eliminate the vulnerability quickly. Therefore, we released the updated version of our application containing the fix for the vulnerability within a few days. 

The CVE privilege escalation vulnerability was eliminated before the vulnerability was disclosed and is not present on our Windows application since its latest version.

What does it mean for Atlas VPN Windows users?

In order for the malicious actor to exploit the privilege escalation vulnerability discovered on the Atlas VPN Windows app, the actor already had to have access to the user's device beforehand. It means that your Windows computer could not have been exploited due to the vulnerability alone. 

The vulnerability could have been taken advantage of only if your computer had an unresolved security breach in the past or the malicious actor had physical access and user login details for your computer. In such a case, a malicious actor could have obtained elevated access to run administrative commands or deploy malicious scripts. However, it would have been possible only if the malicious actor knew that such vulnerability existed in the first place. 

Nevertheless, the privilege escalation vulnerability has been fixed, and it no longer exists on the Atlas VPN app.

Security has always been our priority

Our application safety is our priority. Therefore, our team of software engineers, developers, system administrators, and other IT professionals continually strives to ensure that our systems are secure and function as intended. Unfortunately, no one is safe from mistakes. However, internal penetration testing and independent cybersecurity research help us identify and fix them quickly. 

In addition to our internal penetration testing, we are also planning to do an independent third-party audit this year that will enable us to test the security of our applications through and through.

We always appreciate the input that makes our products better, and we are very grateful to the Israel National Cyber Directorate for notifying us about the said vulnerability and giving us time to eliminate it before going public. The work of independent researchers and organizations such as the Israel National Cyber Directorate is critical in helping keep the digital landscape secure for everyone.

Ruth C.

Ruth C.

Cybersecurity Researcher and Publisher at Atlas VPN. Interested in cybercrime, online security, and privacy-related topics.

Tags:

CVE
Terms and conditions
Privacy policy
PayPalVisaMasterCardUnion PayAmexDiscoverDiners ClubJCBGoogle Pay

© 2023 Atlas VPN. All rights reserved.

Atlas VPN

Features
Servers
Use cases
Free VPN
Refer a friend
Student discount
What is VPN
What is my IP

Information

About us
Blog
YouTube creators
Affiliate
Non-profit support
Media center
Warrant canary
For Media partners

Apps

Windows
macOS
Linux
Android
iOS
Android TV
Fire TV Stick

Follow us

Need help?

Help center
Contact us
Terms and conditions
Privacy policy
PayPalVisaMasterCardUnion PayAmexDiscoverDiners ClubJCBGoogle Pay

© 2023 Atlas VPN. All rights reserved.