iOS Vulnerability Prevents VPNs From Encrypting All Traffic

by

A vulnerability affecting iOS 13.3.1 and later prevents virtual private networks (VPNs) from encrypting all traffic, allowing some internet connections to bypass encryption, potentially exposing users' data and IP addresses.

ios device network ip wireshark

A screenshot from ProtonVPN demonstrating exposed connections to Apple's servers that should be protected by the VPN

Details on the vulnerability were shared today by Bleeping Computer after it was discovered by ProtonVPN. The vulnerability is caused because iOS isn't terminating all existing connections when a user connects to a VPN, allowing them to reconnect to destination servers once the VPN tunnel has been established.

Connections made after connecting to a VPN on an iOS are not affected by this bug, but all previously established connections are not secure. This could potentially lead to a user who believes they are protected accidentally exposing IP an address and therefore, an approximate location.

Apple's Push Notifications are cited as an example of a process using connections on Apple's servers that aren't closed automatically when connecting to a VPN, but it can affect any app or service running on a user's device.

VPNs cannot work around the issue because iOS does not allow VPN apps to kill existing network connections, so this is a fix that will need to be implemented by Apple. Apple is aware of the vulnerability and is looking into options to mitigate it.

Until fixed, VPN users can connect to a VPN server, turn on Airplane Mode and then turn off Airplane Mode to kill all existing connections. The mitigation isn't entirely reliable, however, so iPhone and iPad owners who rely on VPNs should be careful until Apple puts out a fix.

Popular Stories

iOS 26 on iPhone Feature

Here's When iOS 26 Rolls Out Today in Every Time Zone [Update: Out Now!]

Monday September 15, 2025 12:00 am PDT by
Update 10:06 a.m.: iOS 26 is rolling out now, though it may take a bit for all users to see it, so keep checking! Today's the day! Apple is about to release iOS 26, which will deliver the biggest redesign since iOS 7 and bring a range of new features and improvements to iPhones worldwide. It's Apple's biggest software update of the year, and Apple announced at last week's iPhone event that...
Read Full Article85 comments
Tim Cook Rainbow

Apple Reportedly Plans to Launch These 10 Products in 'Coming Months'

Sunday September 14, 2025 8:45 am PDT by
Apple's annual September event is now in the rearview mirror, with the iPhone 17, iPhone 17 Pro, iPhone 17 Pro Max, iPhone Air, Apple Watch Series 11, Apple Watch Ultra 3, Apple Watch SE 3, and AirPods Pro 3 set to launch this Friday, September 19. As always, there is more to come. In his Power On newsletter today, Bloomberg's Mark Gurman said Apple plans to release many products in the...
Read Full Article72 comments
apple n1 chip

Apple's New N1 Chip in iPhone 17, iPhone 17 Pro, and iPhone Air Has a Wi-Fi 7 Limitation

Saturday September 13, 2025 10:01 am PDT by
The latest iPhone 17, iPhone 17 Pro, iPhone 17 Pro Max, and iPhone Air models are equipped with Apple's all-new N1 chip for Wi-Fi 7, Bluetooth 6, and Thread connectivity. However, the chip has a Wi-Fi 7 bandwidth limitation. According to FCC documents reviewed by MacRumors, the N1 chip in all of the new iPhone models supports up to 160 MHz channel bandwidth for Wi-Fi 7, short of the...
Read Full Article99 comments
iPhone 17 Pro Colors

Didn't Pre-Order a New iPhone Yet? Here's How Long the Wait is Now

Friday September 12, 2025 6:11 am PDT by
iPhone 17, iPhone 17 Pro, iPhone 17 Pro Max, and iPhone Air pre-orders began at 5 a.m. Pacific Time in the U.S. and many other countries today. If you have yet to place a pre-order, you might face a longer wait now, depending on your desired configuration. As of shortly after 6 a.m. Pacific Time today, nearly all iPhone 17 Pro Max configurations on Apple's online store in the U.S. are facing ...
Read Full Article297 comments
airpods translate

AirPods Live Translation Blocked for EU Users With EU Apple Accounts

Thursday September 11, 2025 4:01 am PDT by
Apple's new Live Translation feature for AirPods will be off-limits to millions of European users when it arrives next week, with strict EU regulations likely holding back its rollout. Apple says on its feature availability webpage that "Apple Intelligence: Live Translation with AirPods" won't be available if both the user is physically in the EU and their Apple Account region is in the EU....
Read Full Article235 comments
iphone 17 lineup

iPhone 17 Models Launch on September 19 With These New Features

Friday September 12, 2025 7:58 am PDT by
Apple will launch its new iPhone 17 lineup and ultra-thin iPhone Air in stores on Friday, September 19, and the company has already shown off the new devices at its fall event, which ran with the the tagline "Awe dropping." The iPhone 17 series brings a host of new features and enhancements. Here's a rundown of the biggest upgrades and changes: iPhone 17 Display Changes The iPhone...
Read Full Article17 comments
iphone air all colors

iPhone Air and iPhone 17 Pro Now Facing Extended Delivery Estimates

Saturday September 13, 2025 11:43 am PDT by
iPhone 17, iPhone 17 Pro, iPhone 17 Pro Max, and iPhone Air pre-orders began on Friday in the U.S. and many other countries. iPhone 17 Pro Max delivery estimates quickly slipped beyond the Friday, September 19 launch day for those who had yet to place an order, and now the rest of the new models have started to follow suit. As of shortly after 11:30 a.m. Pacific Time today, select iPhone 17, ...
Read Full Article86 comments
iPhone 17 Pro Colors

iPhone 17 and iPhone 17 Pro Models Are eSIM-Only in These Countries

Tuesday September 9, 2025 12:23 pm PDT by
Apple continues to phase out the physical SIM card tray on iPhones, with the latest models relying solely on eSIM technology in more countries. The new iPhone 17, iPhone 17 Pro, and iPhone 17 Pro Max support eSIMs only in these countries and regions, according to Apple: Bahrain Canada Guam Japan Kuwait Mexico Oman Qatar Saudi Arabia United Arab Emirates Un...
Read Full Article78 comments
iPhone 17 Pro Air Boxes

iPhone Air and iPhone 17 Pro Boxes Revealed

Sunday September 14, 2025 1:36 pm PDT by
T-Mobile President Jon Freier today shared real-world photos of Apple's boxes for the iPhone Air, iPhone 17 Pro, and iPhone 17 models, which launch on Friday. Image Credit: Jon Freier Apple has typically included iPhone box renders in its product environmental reports, but it did not do so for the latest models. However, Apple's iPhone Upgrade Program page does offer some images of the boxes, ...
Read Full Article74 comments

Top Rated Comments

Will Tisdale ? Avatar
Will Tisdale ?
72 months ago

This is 100% fake and not a bug. All VPNs, such as those on the desktop, do this by default unless specifically configured, as to not interrupt ongoing downloads, or worse, cause UDP-based services to silently fail.
I don’t think so.
iOS used to handle this correctly, then stopped.
Not tearing down existing connections completely undermines the point of a VPN.
Score: 11 Votes (Like | Disagree)
Will Tisdale ? Avatar
Will Tisdale ?
72 months ago

Nope. I have two full tunnels on two different clients (Cisco Anyconnect, and Pulse Secure)
Well, I can tell you that Anyconnect will tear down any active connections, assuming it’s configured correctly. My work VPN certainly does.

TCP is designed to retry after being torn down. It’s no biggie.

The fact is, this is an iOS bug, which was introduced recently.
Score: 5 Votes (Like | Disagree)
konqerror Avatar
konqerror
72 months ago
This is 100% fake and not a bug. All VPNs, such as those on the desktop, do this by default unless specifically configured, as to not interrupt ongoing downloads, or worse, cause UDP-based services to silently fail. Windows built-in VPN client has this exact same behavior.
Score: 3 Votes (Like | Disagree)
Westside guy Avatar
Westside guy
72 months ago
I’m sometimes stunned by the upvotes people get for posting incorrect information.

If a VPN is configured to send all network traffic through the VPN when it’s running - which is typically what‘s done - then all traffic should be routing through it from the moment it’s enabled. Not just connections to new end points established afterward - all traffic.

Even if a VPN is configured to just carry traffic to a few specific end points (such as the OpenVPN tunnel to our servers, which I’m relying on heavily right now due to the stay at home order currently in place here in Washington): if you’re already connected to one of those end points before establishing the tunnel, you would expect all further traffic to go through the tunnel. The idea that you wouldn’t is ludicrous.
Score: 3 Votes (Like | Disagree)
Will Tisdale ? Avatar
Will Tisdale ?
72 months ago

I feel like we need more info here.

As others have said, it would be problematic to silently kill existing connections when connecting to a VPN. That's certainly not the behavior I would expect. I suppose it depends on whether you use a VPN to add certain networks (such as your corporate office), or to globally route all your traffic (such as for privacy reasons). In the former case, I don't want my non-office connections to be reset.

If MacRumors is reporting this right and VPN apps cannot reset connections, that makes me wonder what changed here. Did iOS previously indeed terminate any open socket when connecting?
I feel that people need to learn about the expected behaviour of VPNs before commenting.
There’s actually two types on iOS. Split vpn and full tunnel. Split allows some stuff to be routed elsewhere. Full tunnel tunnels everything.
Score: 3 Votes (Like | Disagree)
Square-Eyes Avatar
Square-Eyes
72 months ago
I got caught out by the fact that if you tether a device to your phone it will bypass the phone’s VPN ??‍♂️
Score: 2 Votes (Like | Disagree)
Read All Comments