The folks over at ProtonVPN have discovered a vulnerability in iOS 13.4 (exists since 13.3.1) which will prevent VPN's from encrypting all traffic that is going through the user's iPhone, causing some internet connections to bypass the VPN server and thus possibly exposing the user to data leaks and attacks. ProtonVPN is a popular VPN service and a member in their community first discovered the bug and reported it. ProtonVPN had submitted the bug to Apple, who then acknowledged it. The reason for the bug lies in the way iOS deals with reconnections. Once a VPN tunnel is established, iOS is supposed to reroute and reconnect all existing connection through the tunnel, but it doesn't do so. It leaves behind the old connection as it is and only re-routes new connections through the VPN tunnel. Typically connections only last for a few seconds, but some connections may last for minutes or hours. A good example given by ProtonVPN is push notifications, whose connections to Apple servers won't close automatically. During this time, a user's IP address and other data can be intercepted. Apple has promised a fix in an upcoming software update, but in the meantime, ProtonVPN has suggested a way to increase ...
Read Here»
Subscribe to:
Post Comments (Atom)
Post a Comment Blogger Facebook
We welcome comments that add value to the discussion. We attempt to block comments that use offensive language or appear to be spam, and our editors frequently review the comments to ensure they are appropriate. As the comments are written and submitted by visitors of The Sheen Blog, they in no way represent the opinion of The Sheen Blog. Let's work together to keep the conversation civil.