Hãy viết lại bài viết dài kèm hashtag về việc đánh giá sản phẩm và mua ngay tại Queen Mobile bằng tiếng VIệt: Mozilla VPN undergoes second security audit

Mua ngay sản phẩm tại Việt Nam:
QUEEN MOBILE chuyên cung cấp điện thoại Iphone, máy tính bảng Ipad, đồng hồ Smartwatch và các phụ kiện APPLE và các giải pháp điện tử và nhà thông minh. Queen Mobile rất hân hạnh được phục vụ quý khách….
_____________________________________________________
Mua #Điện_thoại #iphone #ipad #macbook #samsung #xiaomi #poco #oppo #snapdragon giá tốt, hãy ghé [𝑸𝑼𝑬𝑬𝑵 𝑴𝑶𝑩𝑰𝑳𝑬] ✿ 149 Hòa Bình, phường Hiệp Tân, quận Tân Phú, TP HCM
✿ 402B, Hai Bà Trưng, P Tân Định, Q 1, HCM
✿ 287 đường 3/2 P 10, Q 10, HCM
Hotline (miễn phí) 19003190
Thu cũ đổi mới
Rẻ hơn hoàn tiền
Góp 0%

Thời gian làm việc: 9h – 21h.

KẾT LUẬN

Hãy viết đoạn tóm tắt về nội dung bằng tiếng việt kích thích người mua: Mozilla VPN undergoes second security audit

Mozilla VPN has undergone an independent audit, the reports for which were released on 6th December, 2023. This is its second one, and the first Mozilla VPN audit was back in 2021. The audit was undertaken by Cure53, a Brazilian cybersecurity firm with more than 15 years of industry experience of assessing the best VPN services.

The audit’s scope included checking the Mozilla VPN apps for macOS, Linux, Windows, iOS, and Android. Two major vulnerabilities were found during the process; one was flagged as critical and the other as high risk. The good news is that both these vulnerabilities were duly fixed by the company. Let’s now go into the details of all of the vulnerabilities that were uncovered.

FVP-03-008: Keychain access level leaks WG private key to iCloud (critical risk) 

Native Messaging API was used to communicate between Multi-Account containers (mentioned in FVP-03-011) and mozillavpnnp. The Auditors found that mozillavpnnp isn’t capable of restricting application callers, meaning a malicious actor could interact with the VPN and disable it. 

This vulnerability was flagged as high-risk and was addressed by the VPN provider.

FVP-03-003: DoS via serialized intent (medium risk) 

Testings revealed that the Mozilla Android VPN app was exposing user activities to third parties, which could be leveraged to crash the app altogether through a crafted intent. A background app can do this recurrently, making the Android app inoperational and causing a DoS.

However, this was only considered a medium-level threat as the WireGuard tunnel didn’t fail even after the app crash. This is because it’s managed by the Android OS. The issue was fixed by Mozilla, which was duly verified by Cure53.

FVP-03-009: Lack of access controls on daemon socket (medium risk) 

Cure53 found in its test that the daemon socket on macOS didn’t have access control enforcement, which is important to verify that the user sending commands to the daemon socket is authorized to do so. 

Without this, any unauthorized user can read and clear daemon logs, leak public keys, and terminate the daemon and VPN connection. This vulnerability has been attended to by the VPN provider, and the fix has been verified by Cure53.

FVP-03-010: VPN leak via captive portal detection (medium risk) 

The audit found that the captive portal notification feature could send unencrypted HTTP requests outside of the VPN tunnel, which could lead to IP leakage. Cure53 advised turning off the feature specifically to prevent such leaks. 

However, the risks associated with this vulnerability are relatively low since the exploitation methods are complex. Like other threats, this, too, has been neutralized by Mozilla.

Bottom line

As you can see, Mozilla VPN wasn’t able to score a clean report from Cure53. However, the audit helped the provider improve parts of its VPN services, which could have compromised user safety in the future. 

For the same reason, we recommend only those VPN services that undergo regular audits, even if the reports are not always perfect – it goes to show the provider’s commitment to making its VPN safe and reliable for the public at large. Plus, as it’s in the case of Mozilla VPN, any vulnerabilities found during these audits can be fixed before it’s too late.

Xem chi tiết và đăng kýXem chi tiết và đăng kýXem chi tiết và đăng ký