Important security issues have been found in some of the most popular VPN services currently on the market.
Researchers at Cisco Talos have uncovered two vulnerabilities in the NordVPN and ProtonVPN services that allowed hackers to hijack a user's computer.
The flaws used a design problem in both clients, with the creation of a new OpenVPN command line that would allow attackers to execute abritary code execution on Windows machines without requiring authorization, leaving the user's machines endangered.
The flaws, which were called CVE-2018-3952 and CVE-2018-4010, were similar to those found earlier this year by VerSprite, which was then patched by both suppliers, but the Talos team was able to circumvent these solutions .
The patches were initially released in April, with NordVPN releasing a second patch last month, with ProtonVPN issuing a fix earlier this month.
"Later versions of ProtonVPN solved this problem and users were automatically asked to update," a ProtonVPN spokesperson said ZDNet. "We have not seen any evidence that this is exploited in the wild, because a user's computer must first be compromised by a hacker before this bug can be misused."
The Talos team advised all ProtonVPN and NordVPN users to patch their services as quickly as possible to avoid potential risks.