Atlas VPN has confirmed a zero-day vulnerability that could allow malicious actors to disconnect users’ VPN connections and leak their real IP addresses.
The vulnerability affects the Linux client of Atlas VPN and was disclosed by a security researcher on Reddit.
The vulnerability works by sending a malicious request to the Atlas VPN client’s API endpoint. This request can be sent from any website, so it could be used by malicious actors to target Atlas VPN users who visit their websites.
Once the malicious request is sent, it will disconnect the user’s VPN connection and reveal their real IP address. This could allow malicious actors to track the user’s online activity or launch targeted attacks against them.
Atlas VPN has said that it is working on a fix for the vulnerability and that it will release a patch as soon as possible. In the meantime, the company has advised users to disable the Linux client until the patch is released.
“We’re aware of the security vulnerability that affects our Linux client. We take security and user privacy very seriously. Therefore, we’re actively working on fixing it as soon as possible. Once resolved, our users will receive a prompt to update their Linux app to the latest version.
The vulnerability affects Atlas VPN Linux client version 1.0.3. As the researcher stated, due to the vulnerability, the application and, hence, encrypted traffic between a user and the VPN gateway can be disconnected by a malicious actor. This could lead to the user’s IP address disclosure.
We greatly appreciate the cybersecurity researchers’ vital role in identifying and addressing security flaws in systems, which helps safeguard against potential cyberattacks, and we thank them for bringing this vulnerability to our attention. We will implement more security checks in the development process to avoid such vulnerabilities in the future. Should anyone come across any other potential threats related to our service, please contact us via security@Atlas VPN.com.”
– Atlas VPN.
This vulnerability is a reminder of the importance of using a VPN service that is reputable and has a good security track record. Users should also be careful about what websites they visit and what information they share online.
