
Apple Unpatched VPN Bypass Bug Impacts iOS 13, Warn Researchers
2020-03-27 14:43

Researchers said the Apple VPN bypass bug in iOS fails to terminate all existing connections and leaves a limited amount of data unprotected, such as a device's IP address, exposing it for a limited window of time.

"Most connections are short-lived and will eventually be re-established through the VPN tunnel on their own. However, some are long-lasting and can remain open for minutes to hours outside the VPN tunnel," researchers explained in a technical analysis of the flaw.

iOS apps are required to use App Transport Security, which protects transmitted data via HTTPS. That said, researchers warn that the VPN bypass bug's biggest threat is the potential exposure of a device's IP address.

A patch for the VPN bypass flaw was not among the fixes Apple issued, though the company did repair a serious flaw in WebKit for iOS and Safari that could enable remote code execution.

In the meantime, ProtonVPN offered some practical advice for mitigating the iOS VPN bypass vulnerability while it remains unpatched.


News URL

https://threatpost.com/apple-unpatched-vpn-bypass-bug-impacts-ios-13-warn-researchers/154232/
