Security News > 2020 > March > Apple Unpatched VPN Bypass Bug Impacts iOS 13, Warn Researchers

Researchers said the Apple VPN bypass bug in iOS fails to terminate all existing connections and leaves a limited amount of data unprotected, such as a device's IP address, exposing it for a limited window of time.
"Most connections are short-lived and will eventually be re-established through the VPN tunnel on their own. However, some are long-lasting and can remain open for minutes to hours outside the VPN tunnel," researchers explained in a technical analysis of the flaw.
iOS apps are required to use App Transport Security, which protects transmitted data via HTTPS. That said, researchers warn the VPN bypass bug's biggest threat is potentially revealing a device's IP address.
A patch for the VPN bypass flaw was not one of them, though the company did repair a serious flaw in the WebKit for iOS and Safari that could enable remote code execution.
In the meantime, ProtonVPN offered some practical advice for mitigating the iOS VPN bypass vulnerability while it remains unpatched.
News URL
https://threatpost.com/apple-unpatched-vpn-bypass-bug-impacts-ios-13-warn-researchers/154232/