Apple’s iOS 13.4 hit by VPN bypass vulnerability

Publicised by ProtonVPN, the issue is a bypass flaw caused by iOS not closing existing connections as it establishes a VPN tunnel, affecting iOS 13.3.1 as well as the latest version.
A VPN app should open a private connection to a dedicated server through which all internet traffic from the device is routed before being forwarded to the website or service someone is accessing.
In short, everything that starts after the VPN is loaded will be secure, but anything that started before that moment might not be if it doesn't reset its connection of its own accord.
The VPN will reconnect, and your other connections should also reconnect inside the VPN tunnel.
We have been in contact with Apple, which has acknowledged the VPN bypass vulnerability and is looking into options to mitigate it.
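One way to check a device for the behaviour described above, as an added example that is not from ProtonVPN or the original article: it scans packet records captured at the gateway, outside the device, and reports flows that keep sending outside the tunnel after the VPN connects. The capture format, IP addresses, ports and the function name are constructed assumptions.

```python
import csv
from io import StringIO

# Constructed sample: packets seen at the gateway, outside the device.
# Columns: seconds, source IP, destination IP, destination port, protocol, bytes
CAPTURE = """\
10.0,192.168.1.23,203.0.113.10,5223,tcp,120
12.5,192.168.1.23,198.51.100.7,443,tcp,900
20.0,192.168.1.23,192.0.2.50,51820,udp,148
21.0,192.168.1.23,192.0.2.50,51820,udp,1300
25.0,192.168.1.23,203.0.113.10,5223,tcp,96
40.0,192.168.1.23,203.0.113.10,5223,tcp,96
41.0,192.168.1.23,192.0.2.50,51820,udp,1300
"""

def find_bypass_flows(capture_text, device_ip, vpn_server_ip, tunnel_up):
    """Return flows from device_ip that still send packets outside the
    tunnel after tunnel_up, labelled by when the flow was first seen."""
    flows = {}
    for ts, src, dst, dport, proto, size in csv.reader(StringIO(capture_text)):
        if src != device_ip or dst == vpn_server_ip:
            continue  # other hosts, or traffic already inside the tunnel
        ts = float(ts)
        flow = flows.setdefault((dst, int(dport), proto),
                                {"first_seen": ts, "last_seen": ts, "bytes_after": 0})
        flow["last_seen"] = ts
        if ts >= tunnel_up:
            flow["bytes_after"] += int(size)
    findings = []
    for (dst, dport, proto), flow in sorted(flows.items()):
        if flow["bytes_after"] == 0:
            continue  # flow went quiet once the tunnel came up
        # A flow first seen before tunnel_up is the case this article describes.
        kind = ("pre-tunnel connection still open"
                if flow["first_seen"] < tunnel_up else "new flow outside tunnel")
        findings.append({"dst": dst, "dport": dport, "proto": proto, "kind": kind,
                         "bytes_after": flow["bytes_after"],
                         "last_seen": flow["last_seen"]})
    return findings

if __name__ == "__main__":
    for finding in find_bypass_flows(CAPTURE, "192.168.1.23", "192.0.2.50", 20.0):
        print(finding)
```

A flow labelled "new flow outside tunnel" points to a different problem, such as a routing or split-tunnel leak, rather than a connection that survived the tunnel coming up.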
News URL
https://nakedsecurity.sophos.com/2020/03/30/apples-ios-13-4-hit-by-vpn-bypass-vulnerability/