
ProtonVPN and NordVPN Bugs Left Windows Vulnerable to Hackers

Hackers could have used the bugs to execute code via an OpenVPN exploit, threatening the security of Windows users and allowing access to private information. Thankfully both VPNs have been patched, but users need to apply the update.

ProtonVPN and NordVPN have been found to contain vulnerabilities that allow hackers to execute arbitrary code with administrator privileges on computers running Windows.

The bugs CVE-2018-3952 (affecting NordVPN) and CVE-2018-4010 (affecting ProtonVPN) were discovered by Cisco Talos security researchers and are similar to another security flaw (tracked as CVE-2018-10169) discovered in March by security consulting firm VerSprite.

By April, both NordVPN and ProtonVPN had released patches for the original vulnerability, but according to Talos it was nevertheless still possible to execute code as an administrator, albeit through a different means of exploitation.

The initial vulnerability was due to OpenVPN being able to select a malicious configuration file when choosing a VPN configuration, which could then expose private information and allow arbitrary commands to be run.

Both clients use the open-source OpenVPN software to set up secure connections between two points. Since the service requires admin privileges to run, any code it runs also has those privileges. However, Cisco Talos found that the bug fixes could be bypassed by putting certain parameters in quotation marks.

NordVPN developed a fix by August that generates OpenVPN configuration files users cannot edit. ProtonVPN's patch was released earlier this month and moved the configuration files to the installation directory, where users cannot modify them.
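As an added illustration, not PCMag's reporting nor either vendor's code, the following Python sketch shows why matching directive names on the raw line is the wrong way to gate a configuration file handed to a privileged OpenVPN service, and what a fail-closed check looks like: it tokenizes each line with OpenVPN-style quoting before comparing directives, rejects unparseable lines, and only accepts files that sit under an admin-only directory. The install path, the `naive_check` pattern and the sample config lines are assumptions constructed for the example.

```python
import shlex
from pathlib import PureWindowsPath

# Assumed (constructed) admin-only install directory; the article names no real path.
TRUSTED_DIR = PureWindowsPath(r"C:\Program Files\ExampleVPN\config")

# OpenVPN directives that run external programs, load native plugins, or enable
# doing so. In a config consumed by a service running as an administrator, any
# of them means code execution with that service's privileges.
EXEC_DIRECTIVES = {
    "up", "down", "route-up", "route-pre-down", "ipchange", "client-connect",
    "client-disconnect", "auth-user-pass-verify", "tls-verify", "learn-address",
    "plugin", "script-security",
}


def naive_check(config_text):
    """Assumed weak pattern: compares the raw first word of each line, so a
    quoted directive name such as "up" is not recognised and slips through."""
    for line in config_text.splitlines():
        if line.lstrip().split(" ", 1)[0] in EXEC_DIRECTIVES:
            return False
    return True


def directive_of(line):
    """First token after applying shell-style quoting ('"' and "'") and
    stripping '#' / ';' comments, approximating how OpenVPN reads a line.
    Raises ValueError on an unterminated quote."""
    lex = shlex.shlex(line, posix=True)
    lex.commenters = "#;"
    lex.whitespace_split = True
    tokens = list(lex)
    # Compared case-insensitively so the check fails closed on odd casing.
    return tokens[0].lower() if tokens else None


def hardened_check(config_path, config_text):
    """Accept only a config inside TRUSTED_DIR with no exec directives.
    Any parse error is treated as a rejection rather than as 'harmless'."""
    path = PureWindowsPath(config_path)
    if ".." in path.parts or TRUSTED_DIR not in path.parents:
        return False
    try:
        return all(directive_of(line) not in EXEC_DIRECTIVES
                   for line in config_text.splitlines())
    except ValueError:
        return False
```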

Speaking to ZDNet, ProtonVPN said that, "Later versions of ProtonVPN have resolved this issue and users have been automatically prompted to update. We have not seen any evidence of this being exploited in the wild, as a user's computer needs to first be compromised by a hacker before this bug can be exploited ... The fix we have implemented should eliminate all bugs of this nature. We continue to work with independent security researchers around the globe to make ProtonVPN more secure through our bug bounty program."

It is advised to update both VPNs as soon as possible to eliminate the vulnerability.

About Adam Smith