ExpressVPN’s Apps for Windows, macOS & Linux Verified by 3 Independent Audits

  • F-Secure has tested the latest ExpressVPN Windows client (v12).
  • Cure53 was hired to audit ExpressVPN’s clients for macOS and Linux.
  • The results of the latest round of audits are highly positive.

It’s been only a couple of weeks since ExpressVPN revealed the results of its privacy protection-related audits. Those two audits were done by KPMG and Cure53, both of which are respectable cyber-sec companies. Also, that round of audits focused on the VPN’s protection of its privacy policy and server technology security, which ExpressVPN aced.

And now, the VPN has unveiled the results of 3 additional audits, focusing on its clients for Windows, macOS, and Linux. That means the entire suite of ExpressVPN’s desktop apps was under the spotlight, with the purpose of validating the accuracy of the VPN’s security claims.

The latest audit of ExpressVPN’s Windows app (v12) was done by F-Secure, just months after F-Secure reviewed ExpressVPN’s v10 Windows app. Without any surprise, the results of the latest audits are highly positive. No vulnerabilities were discovered, and there was only one informational observation regarding the use of insecure C/C++ functions (already fixed).

It's crucial to mention that no vulnerabilities were identified in the ExpressVPN v12 Windows app, so arbitrary code execution and information disclosure or ID address leakage is impossible.

In terms of the audits of ExpressVPN’s macOS and Linux applications, those results are also worthy of praise. Cure53 was hired for those audits, whose team highlighted a total of 6 findings, 2 of which were categorized as security vulnerabilities (already fixed). As per Cure53, “the overall yield of findings is relatively small in comparison to similarly-scoped audits.”

When it comes to ExpressVPN’s Linux application, the results of that audit highlight a total of 5 issues, 3 of which were marked as “Medium.” There were no findings considered overly serious, and most of those were already addressed by ExpressVPN’s team. As Cure53 concluded: “the ExpressVPN Linux client and codebase demonstrated that the components in scope have been developed and deployed with a lot of attention to security best practices.”

As part of our continuous trust and transparency efforts, we’re proud to announce that all of our desktop apps have now been audited,” said Brian Schirmacher, penetration testing manager at ExpressVPN. Schirmacher also added that we can expect to see ExpressVPN’s mobile apps audited soon, which would put ExpressVPN miles ahead of its competition in terms of transparency and trust.

If you’d like to learn more about the previous audits and other recent development regarding this capable VPN, check out our summary of what’s new in ExpressVPN.

Latest
How to Watch Interior Design Masters Season 4 Online from Anywhere
Fans of this reality show, which offers ambitious designers a chance to demonstrate their abilities and pursue their dreams of becoming professional...
How to Watch Rock The Block Season 4 Online: Stream the Renovation Series from Anywhere
Rock the Block, the smash hit home remodeling contest series, is back for its most fantastic season ever! The new six-episode season...
How to Watch Spring Baking Championship Season 9 Online: Stream the Cooking Competition from Anywhere
There’s no better way to welcome spring with some freshly baked goods, and that’s precisely how we’ll usher in the good weather...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari