On 23 November The Register published an article about research shared by Kaspersky Lab, which uncovered 37 security holes in VNC-based remote access software. The report analysed four open-source applications based on VNC (Virtual Network Computing) technology and identified a number of vulnerabilities. In the original report, Kaspersky note that they did not inspect RealVNC remote access software as part of this investigation.
Following the publication of the article, we want to assure our clients worldwide that RealVNC remote access software does not contain any of the C code from the original AT&T Labs open-source versions of VNC. For this reason, our software is not susceptible to the same class of security holes, nor to the specific vulnerabilities mentioned in the Kaspersky report. We cannot comment on free or open-source VNC implementations, nor on other commercial products that implement the RFB protocol.
RealVNC’s VNC Connect EULA, referred to by Kaspersky in the original article, prohibits the reverse-engineering of our software specifically to prevent it being repackaged and resold, which is standard in the industry. RealVNC is extremely proud of the security of our software and our secure development practices, and we’ll be happy to collaborate with genuine security researchers to verify the security of our software and services.
For further information on the security of VNC Connect, refer to our Security and Compliance hub at https://www.realvnc.com/en/connect/security/.