Frequently Asked Questions About the 2015-01-08 Vulnerability
2015-03-19 Tunnelblick Vulnerability FAQ
What is the problem?
Some versions of Tunnelblick include a version of the OpenSSL library that is vulnerable to several attacks.
For details on the vulnerabilities, see OpenSSL Security Advisory 03 Mar 2015.
How can I protect my computer from these vulnerabilities?
Update to the latest version of Tunnelblick (either the latest stable version or the latest beta version).
Can Tunnelblick Updates Be Compromised by These Vulnerabilities?
No. There is an additional protection built into the Tunnelblick update process: updates are signed with a digital signature. When you update Tunnelblick, the program checks the digital signature.
How can I update to the latest version of Tunnelblick?
You will need your computer's administrator password to update Tunnelblick.
Note: Users of a Deployed version of Tunnelblick must obtain a new version of Tunnelblick from the person or organization that distributed Deployed. See How can I know if I am using a Deployed version.
How to use Tunnelblick's built-in update function
How to install the latest version of Tunnelblick
What versions of Tunnelblick have known vulnerabilities?
The following versions have this or other known vulnerabilities:
What version of Tunnelblick do I have?
If there is no version information, it is Tunnelblick version 3.0b9 or earlier.
Am I Using a Deployed Version?
Note: If you try to install Tunnelblick 3.2beta22 or higher on a computer that has a Deployed version of Tunnelblick, an error message will be displayed and the installation will not be performed.
If a "Deploy" folder exists in "Resources", you are using a "Deployed" version of Tunnelblick.
Are there any exploits?
Unknown as of the date of this posting (2015-03-19).
Do I need to be running Tunnelblick to be vulnerable?