
Proton Technologies makes the code of ProtonMail iOS App open source


Proton Technologies announced this week that it has made available the source code of its popular ProtonMail iOS App.

Proton Technologies continues to propose initiatives aimed at ensuring the transparency of its ProtonMail applications. This week it announced the availability of the source code of its popular ProtonMail iOS App.

Recently the cybersecurity firm SEC Consult reviewed the source code of the ProtonMail iOS App and found seven low-risk vulnerabilities in the popular mobile mail client.

“During the initial code review, SEC Consult found seven low-risk vulnerabilities in the reviewed source code and the mobile app.” reads the report published by SEC Consult. “Although issues with certificate validation have been identified within the encrypted communication between the mobile application and the backend system, the inner layer of end-to-end encryption could not be broken.”

The vulnerabilities found by the researchers include hardcoded credentials, missing certificate pinning, account upgrade bypass methods, debug messages being enabled and leaking user data.

In addition to the source code, Proton Technologies has made available some documentation, including its iOS security and trust models, that should make it easier for interested parties to review the code.

“Already there are third-party audits for OpenPGPjs and GopenPGP, our open source cryptographic libraries. Earlier this year, we engaged the renowned security firm SEC Consult to conduct an independent audit of ProtonMail’s iOS application.” reads the blog post published by the company. “We are now making our iOS app open source now that it has been independently vetted. For more information, read the full iOS app audit report.”

“In pursuit of this goal, independent third-party audits of all our other clients are underway, and we look forward to open sourcing even more of our code,” continues the post.

The company explained that developers are free to implement and build upon the methods that it has documented and published. The contribution of the cyber security community could help the company to solve real-world privacy challenges, making popular privacy-focused applications safer and more robust.

In May, the email service ProtonMail was accused of voluntarily offering real-time surveillance assistance to law enforcement.

On May 10, while Stephan Walder, a public prosecutor and head of the Cybercrime Competence Center in Switzerland’s Canton of Zurich, was giving a presentation at an event, the Swiss lawyer Martin Steiger live-tweeted that Walder incidentally mentioned ProtonMail as a service provider that voluntarily offers support to law enforcement.


Pierluigi Paganini

(SecurityAffairs – ProtonMail, privacy)
