Apple's New iOS 13.4 Release Still Has A Bug That Prevents VPNs From Encrypting All Traffic

iPhone users should be aware of an unpatched security vulnerability that affects iOS 13.3.1 and later versions of the operating system (including the newly released iOS 13.4). The vulnerability prevents VPNs from encrypting all traffic and can cause some Internet connections to bypass VPN encryption, exposing the user's data or IP address. Connections made after connecting to a VPN on the iOS device are unaffected by the bug, but previously established connections bypass the secure VPN tunnel.

The security vulnerability was discovered by a security consultant who is part of the Proton community, and ProtonVPN disclosed the issue. ProtonVPN said that it wanted to make users and other VPN providers aware of the security issue on iOS. The company said that while most VPN connections are short-lived, some are long-lasting and can remain open for minutes to hours outside of the VPN tunnel.

The issue for users is that while these connections remain open outside the VPN's secure channel, user data could be exposed to third parties. The issue could also potentially leak the user's IP address, revealing their location or exposing destination servers to attack. When using a VPN, the user should only see traffic being exchanged between their devices. Since previously open connections are not terminated when the VPN connects, other IP addresses will show up alongside the VPN servers and local IP addresses.
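The check described above can be run over flow records summarised from a packet capture. This is an added example, not part of the original article or ProtonVPN's disclosure. It assumes the capture is taken on the local network upstream of the phone and filtered to the phone's traffic; the `Flow` record, the function names, and all addresses and timestamps are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Addresses that legitimately appear outside the tunnel (LAN, link-local, multicast).
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "224.0.0.0/4", "fe80::/10", "ff00::/8")]

@dataclass
class Flow:
    dst: str           # remote address seen in the capture
    first_seen: float  # seconds on the capture clock
    last_seen: float

def is_local(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def leaked_flows(flows, vpn_server, vpn_up_at):
    """Flows still carrying packets outside the tunnel after the VPN came up."""
    leaks = []
    for f in flows:
        if f.dst == vpn_server or is_local(f.dst):
            continue   # tunnel endpoint or local traffic: expected
        if f.last_seen <= vpn_up_at:
            continue   # finished before the VPN connected: not a bypass
        # The article's bug is the "pre-existing" case; "new" would be a different leak.
        kind = "pre-existing" if f.first_seen < vpn_up_at else "new"
        leaks.append((f.dst, kind, round(f.last_seen - vpn_up_at, 1)))
    return leaks

# Constructed sample (documentation address ranges), VPN connected at t=100 s.
VPN_SERVER, VPN_UP_AT = "203.0.113.10", 100.0
SAMPLE_FLOWS = [
    Flow("192.168.1.1", 0.0, 300.0),     # home gateway
    Flow("203.0.113.10", 100.0, 300.0),  # the VPN tunnel itself
    Flow("198.51.100.7", 20.0, 280.0),   # long-lived connection opened before the VPN
    Flow("198.51.100.44", 30.0, 90.0),   # closed before the VPN came up
]

if __name__ == "__main__":
    for dst, kind, secs in leaked_flows(SAMPLE_FLOWS, VPN_SERVER, VPN_UP_AT):
        print(f"{dst}: {kind} connection outside tunnel for {secs}s after VPN up")
```

Running the same check on a capture taken after the airplane-mode workaround should return an empty list if every connection was re-established inside the tunnel.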

ProtonVPN says that push notifications from Apple are a good example of processes using connections to Apple servers that aren't closed automatically. The company says that the bug can affect any service or app running on the user's iOS device, including web beacons and messaging applications. The company also notes that no VPN provider can provide users with a fix for the issue because iOS doesn't permit a VPN app to kill existing connections.

ProtonVPN says that it notified Apple last year and is now warning users so they can stay safe. Apple has acknowledged the VPN bypass issue and is researching options to mitigate it. The current workaround provided by ProtonVPN is to connect to the VPN server, turn on airplane mode, and then turn off airplane mode. That will reestablish the VPN, and all connections will reconnect inside the VPN tunnel, but the company warns the workaround isn't 100 percent reliable.