Not only was ExpressVPN confirmed as the #1 best VPN on the market in our latest round of testing, it also passed all the latest independent audits of its security infrastructure.
Two different cybersecurity firms, Cure53 and F-Secure respectively, were urged to check all their desktop applications for vulnerabilities. In particular, Cure53 conducted penetration tests and source code audits of its macOS and Linux applications. F-Secure has conducted similar checks on the latest version (v12) of its Windows client.
Despite finding minor bugs, all reports state that ExpressVPN is a safe choice to secure your most sensitive data from any cyber threats.
As part of our no-compromise approach to your privacy and digital security needs, we’ve conducted not one but three successful third-party audits to validate our security claims. Why three?…November 9, 2022
“No major problems and a strong experience”
“As a result of the lack of major issues and strong impressions gained during the audit, Cure53 can only confirm that the ExpressVPN team is doing due diligence in their efforts against the numerous and varied threats that modern VPN applications face,” concluded the audit by the company, praising the access grant and cooperation from the supplier during the process.
As mentioned earlier, between June and July 2022, Cure53 conducted white-box testing of the ExpressVPN apps for macOS and Linux. They were intended to verify that the privacy of users is always protected.
In both cases, the auditors could only find a few minor vulnerabilities that pose very little risk to user data.
Specifically, the macOS app review revealed only two minor security risks and four possible improvements. Check out the full report results here (opens in a new tab).
Similarly, an audit of its Linux application revealed two vulnerabilities and three general weaknesses with lower exploit potential.
“It should be made clear that this list of issues is very short, indicating an overall good performance from this round of testing” Cure53 wrote.
At the same time, ExpressVPN developers claimed that these errors have since been corrected.
After asking F-Secure to review the previous version of the app, the secure VPN provider decided to call the company to recheck its latest version of Windows 12 in March.
In this case, a combination of white-box and grey-box tests showed no security vulnerabilities. Only an unexploitable information problem was found, but it was already fixed and retested as solved a month later. Check final report (opens in a new tab) for more details.
“These audits are a testament to the efforts we put into improving and securing our product, and we are thrilled to have received validation from Cure53 and F-Secure,” said Brian Schirmacher, ExpressVPN Penetration Testing Manager.
“We have committed to auditing our mobile apps soon and will continue to ensure privacy and security at every point of contact with our product.”