Der Mullvad-Blog

The third party security audit of the Mullvad VPN app has concluded that the app has a high security level. Some non-critical issues were found, and have been fixed to the extent possible. Mehr lesen

The TestFlight beta release of our iOS app, 2024.4 (1), has a bug that can lead to traffic leaks when connecting if you have quantum-resistant tunnels enabled (disabled by default). Mehr lesen

We evaluated the impact of the latest TunnelVision attack (CVE-2024-3661) and have found it to be very similar to TunnelCrack LocalNet (CVE-2023-36672 and CVE-2023-35838). Mehr lesen

Vulnerabilities in some implementations of Kyber, the quantum-resistant key encapsulation mechanism, were recently disclosed. Mullvad’s quantum-resistant tunnels are not affected by this vulnerability, nor any vulnerability of the same kind. Mehr lesen

We tasked the Netherlands based security firm Radically Open Security (RoS) with performing the third audit towards our VPN infrastructure. Mehr lesen

Assured AB were contracted to perform a security assessment of our new Leta search service between 2023-03-27 and 2023-03-31. Mehr lesen

Assured AB were contracted to perform a security assessment of our account and payment services between 2022-11-07 and 2022-11-29. Mehr lesen

A security assessment of the Mullvad VPN apps has concluded that the app is well-architected from a security perspective. Some issues were found, and they have been fixed to the extent possible. Mehr lesen

We are now running our own self-hosted authoritative DNS servers which we have spread around the world for redundancy, trust and performance. Mehr lesen