Speedify macOS VPN Application Vulnerability Addressed Vulnerability Details: - CVE: CVE-2025-25364 - Type: Security Vulnerability in Speedify macOS VPN Application - Announced by: SecureLayer7 - Administered via: Software Update (February 3rd, 2025) Affected Devices: - macOS devices with Speedify downloaded prior to version 15.2 - Not affected: macOS users from App Store installations, Speedify users on other platforms Technical Details: - Functions Involved: - XPC Message Handler - function - function - Issue: Lack of proper input validation and malicious shell command execution with root privileges Response: - Rewritten helper tool architecture as a macOS System Extension - Implementation of strict input validation and sanitization - Removal of insecure XPC message handling mechanisms - Rigorous security testing Recommendations for Users: - Update to the latest version (currently 15.5 as of April 22nd, 2025) or at least version 15.2 - Verify the installation of the correct version through the settings menu - Consider changing system passwords if potentially vulnerable versions were running for extended periods Commitment to Security: - Demonstrates Connectify's dedication to user security and rapid vulnerability mitigation - Enhanced security reviews for privileged components and subsequent safeguarding