Security News > 2020 > March > No Patch for VPN Bypass Flaw Discovered in iOS
Proton Technologies, the company behind the privacy-focused ProtonMail and ProtonVPN services, this week disclosed the existence of a vulnerability in Apple's iOS mobile operating system that prevents VPN applications from encrypting all traffic.
When a VPN is used, the device's operating system should close all existing internet connections and reestablish them through a VPN tunnel to protect the user's data and privacy.
"Most connections are short-lived and will eventually be re-established through the VPN tunnel on their own. However, some are long-lasting and can remain open for minutes to hours outside the VPN tunnel," Proton explained in a blog post.
The bigger problem is that the user's IP address and the IP of the server they are connecting to remain exposed, and the server will see the user's real IP instead of the VPN server's IP. "Those at highest risk because of this security flaw are people in countries where surveillance and civil rights abuses are common," Proton explained.
The company pointed out that new internet connections will connect through the VPN tunnel, but connections that are running when the user connects to the VPN server will remain outside the tunnel.
News URL
http://feedproxy.google.com/~r/Securityweek/~3/Ok6GrPaYIqg/no-patch-vpn-bypass-flaw-discovered-ios
Related news
- Check Point warns customers to patch VPN vulnerability under active exploitation (source)
- Exploit for critical Progress Telerik auth bypass released, patch now (source)
- Exploit for critical Veeam auth bypass available, patch now (source)
- Exploit for Veeam Recovery Orchestrator auth bypass available, patch now (source)
- Netgear warns users to patch auth bypass, XSS router flaws (source)