Security News > 2020 > March > Apple Unpatched VPN Bypass Bug Impacts iOS 13, Warn Researchers
Researchers said the Apple VPN bypass bug in iOS fails to terminate all existing connections and leaves a limited amount of data unprotected, such as a device's IP address, exposing it for a limited window of time.
"Most connections are short-lived and will eventually be re-established through the VPN tunnel on their own. However, some are long-lasting and can remain open for minutes to hours outside the VPN tunnel," researchers explained in a technical analysis of the flaw.
iOS apps are required to use App Transport Security which protect transmitted data via HTTPS. That said, researchers warn the VPN bypass bug's biggest threat is potentially revealing a device's IP address.
A patch for the VPN bypass flaw was not one of them, though the company did repair a serious flaw in the WebKit for iOS and Safari that could enable remote code execution.
In the meantime, ProtonVPN offered some practical advice for mitigating the iOS VPN bypass vulnerability while it remains unpatched.
News URL
https://threatpost.com/apple-unpatched-vpn-bypass-bug-impacts-ios-13-warn-researchers/154232/