Atlas VPN Windows application is safe from the privilege escalation vulnerability
In May, the Israel National Cyber Directorate informed us about a privilege escalation vulnerability that was discovered in our Windows application. At the time, we were already conducting internal penetration testing, during which we identified the same vulnerability. This helped us act immediately and eliminate the vulnerability quickly. As a result, we released an updated version of our application containing the fix within a few days.
The privilege escalation vulnerability (CVE) was eliminated before it was disclosed and is no longer present in our Windows application as of its latest version.
What does it mean for Atlas VPN Windows users?
To exploit the privilege escalation vulnerability discovered in the Atlas VPN Windows app, a malicious actor would already have needed access to the user's device. This means that your Windows computer could not have been exploited through the vulnerability alone.
The vulnerability could have been taken advantage of only if your computer had an unresolved security breach in the past or the malicious actor had physical access and user login details for your computer. In such a case, a malicious actor could have obtained elevated access to run administrative commands or deploy malicious scripts. However, it would have been possible only if the malicious actor knew that such a vulnerability existed in the first place.
Nevertheless, the privilege escalation vulnerability has been fixed, and it no longer exists on the Atlas VPN app.
Security has always been our priority
Our application safety is our priority. Therefore, our team of software engineers, developers, system administrators, and other IT professionals continually strives to ensure that our systems are secure and function as intended. Unfortunately, no one is safe from mistakes. However, internal penetration testing and independent cybersecurity research help us identify and fix them quickly.
In addition to our internal penetration testing, we are also planning to do an independent third-party audit this year that will enable us to test the security of our applications through and through.
We always appreciate the input that makes our products better, and we are very grateful to the Israel National Cyber Directorate for notifying us about the said vulnerability and giving us time to eliminate it before going public. The work of independent researchers and organizations such as the Israel National Cyber Directorate is critical in helping keep the digital landscape secure for everyone.