X41 conducted a white box penetration test on the Mullvad VPN Application with access to the source code. The test uncovered six vulnerabilities, but overall, the application demonstrated a high level of security due to safe coding practices, regular audits, and penetration tests. The most serious vulnerabilities involved memory corruption issues in the signal handler code. Despite some vulnerabilities, Mullvad VPN AB addressed them promptly. The findings are detailed in the report released by X41. Mullvad VPN AB’s quick response and collaboration were appreciated. The audit’s results and technical details can be accessed through the provided links. The use of obfuscation technologies and proxy services within the VPN provides additional security options for users.
https://x41-dsec.de/news/2024/12/11/mullvad/