Security News > 2020 > March > Apple’s iOS 13.4 hit by VPN bypass vulnerability
Publicised by ProtonVPN, the issue is a bypass flaw caused by iOS not closing existing connections as it establishes a VPN tunnel, affecting iOS 13.3.1 as well as the latest version.
A VPN app should open a private connection to a dedicated server through which all internet traffic from the device is routed before being forwarded to the website or service someone is accessing.
In short, everything that starts after the VPN is loaded will be secure but everything before that moment might not be if it doesn't reset the connection of its own accord.
The VPN will reconnect, and your other connections should also reconnect inside the VPN tunnel.
We have been in contact with Apple, which has acknowledged the VPN bypass vulnerability and is looking into options to mitigate it.
News URL
https://nakedsecurity.sophos.com/2020/03/30/apples-ios-13-4-hit-by-vpn-bypass-vulnerability/
Related news
- Check Point warns customers to patch VPN vulnerability under active exploitation (source)
- Apple Operating Systems are Being Targeted by Threat Actors, Plus 4 More Vulnerability Trends (source)
- Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping (source)
- Devs claim Apple is banning VPNs in Russia 'more effectively' than Putin (source)
- Apple Removes VPN Apps from Russian App Store Amid Government Pressure (source)
- Russia forces Apple to remove dozens of VPN apps from App Store (source)
- Apple iOS 18 Cheat Sheet: Release Date, RCS Integration and More (source)