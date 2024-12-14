Overall, the Mullvad VPN Application appear to have a high security level and are well positioned to protect from the threat model proposed in this report. The use of safe coding and design patterns in combination with regular audits and penetration tests led to a very hardened environment.

The most serious vulnerabilities are considered to be race conditions and temporal safety violations leading to memory corruption issues in the signal handler code. While exploitation of the signal handler code once triggered seems not unlikely, the fact that an attacker first needs to trigger a signal via another fault reduces the severity of the issues. Other vulnerabilities allow leaking information about the identity of a user by network adjacent attackers and to perform side channel attacks that could in specific circumstances reveal which site a client is currently accessing.