ProtonMail passes security audit and makes research results public

ProtonMail has passed an independent security audit. Like the source code of its applications, the Swiss company also makes the research results of the audit public. The research team found a significant vulnerability.


The research was conducted by Securitum. The security company conducted both black box and white box tests. In this study, the web apps for Proton’s mail and calendar service were tested. The white box tests were performed based on the code that is publicly available on Proton’s GitHub.

This means that the new version of ProtonMail was immediately tested for vulnerabilities by an independent party. At the beginning of June, the company released ProtonMail version 4.0, which gave the mail app new functions and a refreshed appearance.

In total, five security issues were found. Four of these issues were classified as low-risk vulnerabilities by the researchers. One of the vulnerabilities was classified as ‘medium’. This was a ‘reflected cross-site scripting’ issue, in which code could be injected via JavaScript through an image in the attachment of an email.

It is not the first time that Proton has made its security audit public. The company has also done this for earlier versions of ProtonMail and for ProtonVPN.