Business Wire

RealVNC Becomes First and Only Remote Access Solution to Complete White Box Audit to Validate Security


VNC Connect by RealVNC, the remote access service used by hundreds of millions of people worldwide, was audited by Cure53, the Berlin, Germany-based IT security consultancy who have also audited other industry leading software such as Mozilla VPN, 1Password and Bitwarden. The comprehensive audit, which took 86 person days and included VNC Server and VNC Viewer on Linux, Windows and Mac, VNC Viewer for iOS and Android, the VNC Connect management portal and backend services, found 38 security-relevant discoveries, none of which were critical and only three were deemed high severity, and these were fixed immediately. The report states, in conclusion, that RealVNC places a strong focus on the security posture of all its components.

“As the technologists responsible for bringing remote access to the mass market, we are today setting new standards and expectations for security in the face of the challenges of the modern IT environment. IT buyers of remote access technologies should expect no less than independent and comprehensive third-party validation of vendor claims. This is especially true for remote access software where the stakes are high, and a mistake could be reputationally damaging or even existential. With Cure53’s report, buyers can be confident that choosing RealVNC as their remote access vendor will never be a regret,” said Adam Greenwood-Byrne, CEO of RealVNC.

A white box security audit is significantly more in-depth than the more common black box penetration test (which RealVNC also commissions by an external organization annually), as the auditors have access to all of the source code, binaries and API/protocol documentation. Of the 38 vulnerabilities found across the range of software and services tested, 32 have been properly addressed — with the fixes confirmed by Cure53 — while the other six were flagged as either false-alerts or works-as-intended and evaluated to be of lower risk.

“At RealVNC, we operate from the standpoint that no company should ever take a vendor’s word for it when they claim their software is secure, which is why we chose to complete a white box audit with a highly regarded security consultancy to prove it,” said Andrew Woodhouse, CIO of RealVNC.

The Cure53 team is highly motivated to find issues when completing white box penetration tests. The fact that no critical threats were found reinforces RealVNC’s focus on ensuring its customers remain safe from threats when using VNC Connect.

“Cure53 is happy to state that test preparation, test execution and also the fix verification, which is one of the most important parts of such an audit, went smoothly and professionally. It is clear that RealVNC has demonstrated a genuine interest in ensuring VNC Connect's security and is prepared and committed to maintaining the high standards we have observed,” said Dr.-Ing. Mario Heiderich, Founder of Cure53.

Headquartered in Cambridge, RealVNC's products for desktop, mobile and embedded platforms make it easy for users to access and operate devices remotely while enabling remote users to work with technicians to resolve problems easily.

“We’re not shying away from any of the issues the report found. We actively fixed issues as they came up and, as security is an ever changing landscape, we’ll continue to ensure the security of VNC Connect in future iterations of the service,” said Ben May, Head of Cyber Security at RealVNC.

To review Cure53's summary of the audit, click here, and to learn more about why RealVNC chose to conduct a Cure53 audit, click here.


RealVNC’s secure remote access and management software is used by hundreds of millions of people worldwide. Their software helps organizations cut costs and improve the quality of supporting remote devices and applications, as well as enabling remote working. RealVNC is the original, UK-based, inventor of VNC remote access software and they support an unrivaled mix of desktop, mobile and embedded platforms.


Cure53 offers classic black-box penetration tests (zero-knowledge) as well as white-box tests and code audits. Web application and mobile app developers speak many languages and so do we. From classic languages such as PHP, JavaScript, ActionScript, Java, Ruby, Python and Perl to more exotic candidates like web back-ends written in C++ and Delphi – we've seen them.

Since Cure53 was founded in 2007, we have performed hundreds of penetration tests against all kinds of web applications, online services, hardware interfaces, mobile applications, libraries and crypto tools. We value manual and thorough tests, human interaction and communication and a short yet-to-the-point penetration test report without overhead or pie charts no one wants to see.

To view this piece of content from, please give your consent at the top of this page.

Contact information

Lauren Meckstroth

About Business Wire

Business Wire
Business Wire

Subscribe to releases from Business Wire

Subscribe to all the latest releases from Business Wire by registering your e-mail address below. You can unsubscribe at any time.

Latest releases from Business Wire

L&T Technology Services Inaugurates Engineering Design Centre in France28.6.2022 10:00:00 CEST | Press release

L&T Technology Services Limited (BSE: 540115, NSE: LTTS), a leading global pure-play engineering services company, inaugurated its Engineering Design Centre (EDC) in Toulouse, France, to initially cater to the new age digital requirements of the global aerospace and defence sectors. This press release features multimedia. View the full release here: Seen in the picture during the Ribbon Cutting Ceremony (from left to right): Deepanshu Khurana, Embassy of India; Véronique Canceill, Airbus; Amit Chadha, LTTS; Patrice Vassal, Invest in Toulouse; Marie-Eve Rigollet, Airbus (Photo: Business Wire) The EDC will initially focus on developing cutting-edge solutions for the aerospace and defence industries and LTTS will work with major OEMs in the region as an engineering partner. The center will specialize in end-to-end solutions for aerospace design & manufacturing, with a workforce of LTTS engineers having proven expertise in digital e

Turkish Medical Team Separates Conjoined Twins in 9 Hours, Breaking World Record28.6.2022 09:43:00 CEST | Press release

A Turkish medical team has successfully separated conjoined twins shortly after birth by employing a range of innovative techniques, including virtual simulations and 3D modeling. Carried out at Istanbul’s Acibadem Hospital, the successful procedure set a new world record for the fastest-ever operation of its kind. This press release features multimedia. View the full release here: Turkish Medical Team Separates Conjoined Twins in 9 Hours, Breaking World Record (Photo: Business Wire) “Thanks to our team of dedicated professionals, we were able to separate the twins in a well-planned surgical procedure that took about nine hours,” Prof. Mehmet Veli Karaaltin, who supervised the operation, says. He is an M.D. specialized in aesthetic, plastic and reconstructive surgery. As a result of the procedure, the twins, who were born conjoined at the breastbone but has two hearts, were both able to survive on their own. Born in Algeria, the

Denodo Recognized as an Enterprise Data Fabric Leader by Independent Analyst Firm Evaluation28.6.2022 09:00:00 CEST | Press release

Denodo, a leader in data management, today announced that Forrester Research, Inc., a leading independent technology and market research company, has positioned Denodo as a Leader in The Forrester Wave™: Enterprise Data Fabric, Q2 2022. According to the report, “Denodo is best fit for customers that are focusing on an enterprise-wide data fabric strategy to support BI, data collaboration, customer intelligence, data engineering, data science, IoT analytics, operational insights, and predictive analytics use cases.” The complete and complementary report, published on June 23, is available here. The Wave revealed that organizations want real-time, consistent, connected, and trusted data to support their critical business operations and insights. However, new data sources, slow data movement between platforms, rigid data transformation workflows, and governance rules, expanding data volume, and distributed data across clouds and on-premises, can cause organizations to fail when executing

Founders launch Plural: a €250m fund for fellow ‘Unemployables’ building Europe’s next generation of tech companies28.6.2022 09:00:00 CEST | Press release

Plural, a new investment platform started by the founders and backers of Europe’s most significant tech companies, has unveiled today a €250m early stage venture fund (Plural Platform SCSp RAIF, “Plural”) to back the next generation of founders with global ambitions. Set up by Ian Hogarth, Khaled Heloui, Sten Tamkivi and Taavet Hinrikus - with other recognised founders who will announce themselves soon - Plural is a scalable investment platform whose investors are exclusively former founders and operators with decades of company building experience. Plural was founded because the Plural founders saw that across Europe the vast majority of investors lacked experience of building tech businesses. In Europe just 8% of investors are former operators, in contrast to more than half of tech investors in the US. Plural’s founders believe that the scar tissue from building tech companies is invaluable in helping the next generation of founders to build companies with global potential. Plural’s

Tele2 Estonia boosts performance with ADVA ALM fiber monitoring solution28.6.2022 09:00:00 CEST | Press release

ADVA (FSE: ADV) today announced that Tele2 Estonia has deployed the ADVA ALM fiber monitoring solution for real-time assurance across its national network. The compact, plug-and-play device boosts operational efficiency and service availability. This helps Tele2 Estonia to improve customer experience and offer enhanced SLAs. Managed by the Ensemble Controller network management system with Ensemble Fiber Director, the solution gives Tele2 Estonia’s field forces full control over their optical infrastructure. With its simple graphical overlay, the ADVA ALM precisely pinpoints the location of fiber impairments, enabling proactive maintenance, reducing repair times and preventing network outages. This press release features multimedia. View the full release here: ADVA’s ALM is helping Tele2 Estonia to eliminate downtime and ensure services stay online. (Photo: Business Wire) “With the ADVA ALM, we can offer even more value to our c

In our pressroom you can read all our latest releases, find our press contacts, images, documents and other relevant information about us.

Visit our pressroom