Security News > 2020 > March > Apple’s iOS 13.4 hit by VPN bypass vulnerability

Apple’s iOS 13.4 hit by VPN bypass vulnerability
2020-03-30 13:43

Publicised by ProtonVPN, the issue is a bypass flaw caused by iOS not closing existing connections as it establishes a VPN tunnel, affecting iOS 13.3.1 as well as the latest version.

A VPN app should open a private connection to a dedicated server through which all internet traffic from the device is routed before being forwarded to the website or service someone is accessing.

In short, everything that starts after the VPN is loaded will be secure but everything before that moment might not be if it doesn't reset the connection of its own accord.

The VPN will reconnect, and your other connections should also reconnect inside the VPN tunnel.

We have been in contact with Apple, which has acknowledged the VPN bypass vulnerability and is looking into options to mitigate it.


News URL

https://nakedsecurity.sophos.com/2020/03/30/apples-ios-13-4-hit-by-vpn-bypass-vulnerability/