Vulnerability in iOS leaves VPN traffic open

US, WASHINGTON (ORDO NEWS) — A critical vulnerability has been discovered in the operating system iOS 13.3.1 and later that prevents encryption of Internet traffic passing through VPN networks.

Because of this, a user who believes that his connection is secured can “spot” his IP address and reveal an approximate location.

The developers of the ProtonVPN VPN service found a mistake in the Apple operating system. It is caused by the fact that iOS does not interrupt all current connections when the user connects to the VPN, because of which they reconnect to the target servers when creating a secure channel.

As a result, all connections created before connecting to the VPN cease to be secure, experts explain.

The vulnerability affects all applications and services in iOS, writes Bleeping Computer. As an example, experts cited Apple push notifications (in the screenshot above), which reconnect to the company’s servers when creating a VPN tunnel.

At the same time, developers of VPN services cannot fix this error, since iOS does not allow them to disconnect previously established connections.

The company is aware of the situation and is actively working to eliminate the vulnerability. Prior to the patch, as a temporary solution, users are advised to turn airplane mode on and off after connecting to the VPN to disconnect all current connections.

Online:

Our Standards, Terms of Use: Standard Terms And Conditions.

Contact us: [email protected]

The article is written and prepared by our foreign editors from different countries around the world – material edited and published by Ordo News staff in our US newsroom press.