In September 2018, a privilege escalation bug was reported in the Proton VPN Windows app. This vulnerability has already been fixed. An update was pushed out to all users starting in August 2018. As long as you are using Proton VPN Windows version 1.6 or higher, this issue has been resolved. Anyone who downloaded the Proton VPN Windows App after August 2018 is also safe. You can check your Proton VPN version by clicking on ‘About’ in the dropdown menu.
Impact of the bug
In practice, this vulnerability was limited and difficult for an attacker to exploit. An attacker would need to already have access to your computer for the exploit to work. To put it simply, for this bug to be used against you, an intruder would have to have already breached your security. This bug was only present in our Windows app.
Remediation and future steps
We have implemented a patch for privilege escalation flaws to solve this issue. This patch should also prevent bugs of this nature in the future. We continue to work with independent security researchers around the globe to make Proton VPN more secure through our bug bounty program.
