Serious vulnerabilities were found in two of the most popular VPN services on the market. Cisco Talos security investigators unleashed 2 vulnerabilities in the ProtonVPN and NordVPN services, through which a hacker can hijack the victim's system.
CVE-2018-10169 code vulnerability made it possible to run code with administrator rights without the user knowing it. Patches have already been released for this vulnerability.
Vulnerability was also caused by 2 applications (ProtonVPN and NordVPN) thanks to the similar design of their applications. The interface of both applications is executed with the user's permissions. This includes the application settings like the desired server.
According to the vulnerability description, when the user started the connection process with the default server, "the attacker could, by replacing the VPN profile, execute (and run each time the connection was made) a code on the victim's system.
By executing code at this point, it is possible to tap critical information, hijack the victim's system and more.
Both companies have made statements about the safety of their services, pointing out that all users have now refreshed their applications in the latest releases. They also stressed that there was no evidence to suggest that there was even a exploitation of the vulnerability, because exploiting it would have to pre-empt the system in a different way.