iOS Vulnerability Prevents VPNs From Encrypting All Traffic
A vulnerability affecting iOS 13.3.1 and later prevents virtual private networks (VPNs) from encrypting all traffic, allowing some internet connections to bypass encryption, potentially exposing users' data and IP addresses.
A screenshot from ProtonVPN demonstrating exposed connections to Apple's servers that should be protected by the VPN
Details on the vulnerability were shared today by Bleeping Computer after it was discovered by ProtonVPN. The vulnerability is caused because iOS isn't terminating all existing connections when a user connects to a VPN, allowing them to reconnect to destination servers once the VPN tunnel has been established.
Connections made after connecting to a VPN on an iOS are not affected by this bug, but all previously established connections are not secure. This could potentially lead to a user who believes they are protected accidentally exposing IP an address and therefore, an approximate location.
Apple's Push Notifications are cited as an example of a process using connections on Apple's servers that aren't closed automatically when connecting to a VPN, but it can affect any app or service running on a user's device.
VPNs cannot work around the issue because iOS does not allow VPN apps to kill existing network connections, so this is a fix that will need to be implemented by Apple. Apple is aware of the vulnerability and is looking into options to mitigate it.
Until fixed, VPN users can connect to a VPN server, turn on Airplane Mode and then turn off Airplane Mode to kill all existing connections. The mitigation isn't entirely reliable, however, so iPhone and iPad owners who rely on VPNs should be careful until Apple puts out a fix.
Popular Stories
After announcing new Mac and HomePod models last week, Apple adjusted its trade-in values for select devices in the United States.
iPhone trade-in values decreased by up to $80, and most Android smartphones also went down. Mac trade-in values remained unchanged or increased by up to $40 depending on the model, while some Apple Watch models increased in value and others decreased. Trade-in...
Apple's next-generation iPhone 15 Pro and iPhone 15 Pro Max are expected to be announced in September as usual. Already, rumors suggest the devices will have at least seven exclusive features not available on the standard iPhone 15 and iPhone 15 Plus.
An overview of the seven features rumored to be exclusive to iPhone 15 Pro models:A17 chip: iPhone 15 Pro models will be equipped with an A17...
While the new Mac mini with the M2 chip has a lower $599 starting price, the base model with 256GB of storage has slower SSD read and write speeds compared to the previous-generation model with the M1 chip and 256GB of storage.
A teardown of the new Mac mini shared by YouTube channel Brandon Geekabit reveals that the 256GB model is equipped with only a single 256GB storage chip, while the...
Apple today released tvOS 16.3, the third major point update to the tvOS 16 operating system that originally came out in September. Available for the Apple TV 4K and Apple TV HD, tvOS 16.3 comes six weeks after tvOS 16.2, an update that added Apple Music Sing.
The tvOS 16.3 update can be downloaded over the air through the Settings app on the Apple TV by going to System > Software...
Apple today released watchOS 9.3, the third major update to the watchOS 9 operating system that first launched in September. watchOS 9.3 comes over a month after watchOS 9.2, an update that added new Workout functionality and Crash Detection optimizations.
watchOS 9.3 can be downloaded for free through the Apple Watch app on the iPhone by opening it up and going to General > Software Update. ...
In a recent press release, Apple confirmed that iOS 16.3 will be released to the public next week. The software update will be available for the iPhone 8 and newer and includes a handful of new features, changes, and bug fixes.
Below, we've recapped bigger features in iOS 16.3, including support for physical security keys as a two-factor authentication option for Apple ID accounts, worldwide ...
The new M2-series MacBook Pro and Mac mini models launched today, marking the debut of the first M2 Pro and M2 Max chips. We have the M2 Pro Mac mini on hand, and thought we'd take a look at the machine and do a series of benchmarks to see how it fits into Apple's lineup.
Subscribe to the MacRumors YouTube channel for more videos. Base model Mac mini machines come with either an M2 or M2 Pro...
Apple today released macOS Ventura 13.2, the second major update to the macOS Ventura operating system initially released in October. macOS Ventura 13.2 comes more than a month after macOS Ventura 13.1, an update that added the Freeform app and other changes.
The macOS Ventura 13.2 update can be downloaded for free on all eligible Macs using the Software Update section of System...
Top Rated Comments
iOS used to handle this correctly, then stopped.
Not tearing down existing connections completely undermines the point of a VPN.
TCP is designed to retry after being torn down. It’s no biggie.
The fact is, this is an iOS bug, which was introduced recently.
If a VPN is configured to send all network traffic through the VPN when it’s running - which is typically what‘s done - then all traffic should be routing through it from the moment it’s enabled. Not just connections to new end points established afterward - all traffic.
Even if a VPN is configured to just carry traffic to a few specific end points (such as the OpenVPN tunnel to our servers, which I’m relying on heavily right now due to the stay at home order currently in place here in Washington): if you’re already connected to one of those end points before establishing the tunnel, you would expect all further traffic to go through the tunnel. The idea that you wouldn’t is ludicrous.
There’s actually two types on iOS. Split vpn and full tunnel. Split allows some stuff to be routed elsewhere. Full tunnel tunnels everything.