Skip to content

2024.8
Compare
Choose a tag to compare
@raksooo raksooo released this 04 Dec 12:51
· 1532 commits to main since this release
2024.8
This tag was signed with the committer’s verified signature.
faern Linus Färnstrand
GPG key ID: 14CC48CBFBF5D861
Learn about vigilant mode.
ac1eb15
This commit was signed with the committer’s verified signature.
faern Linus Färnstrand
GPG key ID: 14CC48CBFBF5D861
Learn about vigilant mode.

This release is for desktop only.

This release addresses issues identified in a recent audit. Here is a list of all changes since last stable release 2024.7.

Security

  • Remove invalidly set up alternative stack for fault signal handlers on unix based systems. This prevents potential stack overflow and heap memory corruption. Fixes audit issue MLLVD-CR-24-01.
  • Remove/disable not signal safe code from fault signal handler on unix based systems. Fixes audit issue MLLVD-CR-24-02.

Windows

  • Fix issue where the installer would allow any executable named taskkill.exe in the working directory to run as admin. This fixes audit issue MLLVD-CR-24-06.

Linux

  • Prevent attackers able to send ARP requests to the device running Mullvad from figuring out the in-tunnel IP. Fixes 2024 audit issue MLLVD-CR-24-03.
Assets 14
Loading