Wednesday, July 15, 13:22
Home security VPN bypass vulnerability discovered on Apple iOS

VPN bypass vulnerability discovered on Apple iOS

iOS

A new VPN Bypass vulnerability, recently discovered on Apple iOS, blocks the encryption that VPNs make across all traffic passing through a device.

The bug affects Apple's iOS 13.4 version and can be exploited by cyber criminals to track users' activity online, as well as leak IP addresses and expose data their.

Ο Luis, a ProtonVPN security consultant, discovered this VPN bypass vulnerability and reported it to Apple, which he is currently working on.

ProtonVPN has reported this VPN bypass vulnerability and the iOS community will receive the patch in the next Apple security update, no patch is currently available for this vulnerability.

VPN Bypass Vulnerability

When users install a VPN connection, the existing connection is terminated and the new connection is restored via VPN tunnels where the connection will be fully encrypted.

The new vulnerability, however, does not close the existing links and in addition connections these will remain open for longer, outside the VPN tunnel.

As vulnerability researchers have discovered, malicious agents can record the traffic on the iOS network using Wireshark and can see the direct traffic between the iOS device's IP and an external IP address that is not a VPN server, but is a server Apple.

Normally, as one security researcher who has dealt with the case said, it should only be able to see the traffic between its IP device and the VPN server, but in this case, it was able to see the external IP address that belongs to Apple.

No other VPN service can provide an alternative to this issue because of the restriction of the iOS VPN license application to terminate existing network connections.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Absent Mia
Absent Miahttps://www.secnews.gr
Being your self, in a world that constantly tries to change you, is your greatest achievement

LIVE NEWS

Chrome 84: Released and offers enhanced security

Google released Chrome 84 yesterday, July 14, 2020 (Stable desktop channel), bringing many security improvements ...

Cybersecurity workers suffer from burnout

New research from the Chartered Institute of Information Security of the United Kingdom (CIISec) shows that overwork and burnout remain very ...

SigRed allows hijacking on Microsoft Windows Server

A vulnerability called SigRed, which could affect Microsoft Windows Server has been discovered in the system code here ...

Britain excludes Huawei from the country's 5G network

On Tuesday, Britain announced that it would exclude Huawei from the new high-speed telephone network, as it stated that ensuring ...

New GoldenHelper backdoor found in official Chinese software

A new backdoor, called GoldenHelper backdoor, was discovered by Trustwave researchers integrated into the software ...

Wattpad breach exposes information to millions of users

An allegedly stolen Wattpad database containing 270 million records sold for over $ 100.000. It is now offered for free in ...

Trump: Hospitals will send COVID-19 patient data to a database

A report by The New York Times, published on Tuesday, states that the Trump administration has ordered US hospitals to ...

Adobe fixes critical vulnerabilities in its products

About 12 vulnerabilities have been fixed by Adobe, which were detected in Creative Cloud, Media Encoder, Genuine Service, ColdFusion and Download ...

Apple: The reason for the warning about the camera cover on MacBooks

In the past few days Apple said that it is not safe to close the screen of your MacBook, when you have placed a cover on ...

Android chat application spies on users!

An Android chat application that claims to be a secure messaging platform, spies on users and ...