The bug affects Apple's iOS 13.4 and can be exploited by cyber criminals to track users' activity online, as well as to leak IP addresses and expose their data.
Luis, a ProtonVPN security consultant, discovered this VPN bypass vulnerability and reported it to Apple, which is currently working on it.
ProtonVPN has reported this VPN bypass vulnerability, and the iOS community will receive the patch in the next Apple security update; no patch is currently available for this vulnerability.
VPN Bypass Vulnerability
When users establish a VPN connection, existing connections are terminated and re-established through the VPN tunnel, where they are fully encrypted.
With the new vulnerability, however, the existing connections are not closed; in addition, these connections remain open for longer, outside the VPN tunnel.
As the researchers discovered, malicious actors can record the traffic on the iOS device's network using Wireshark and see direct traffic between the iOS device's IP and an external IP address that is not a VPN server but an Apple server.
Normally, as one security researcher who has dealt with the case said, it should only be possible to see traffic between the device's IP and the VPN server, but in this case the external IP address that belongs to Apple was visible as well.
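The check described above can be scripted against a capture exported from Wireshark, to confirm whether a device is still talking to peers outside the tunnel. This is an added example, not code from ProtonVPN or the researcher; the addresses are constructed placeholders, and the tshark field list and the `find_leaks` helper are assumptions made for illustration.

```python
import ipaddress

# Constructed sample rows, in the format produced by:
#   tshark -r capture.pcap -T fields -e frame.time_epoch -e ip.src -e ip.dst -e frame.len
# All addresses are placeholders (private and RFC 5737 documentation ranges).
SAMPLE = """\
1585300000.10\t192.168.1.23\t203.0.113.10\t1400
1585300000.25\t203.0.113.10\t192.168.1.23\t1200
1585300001.02\t192.168.1.23\t198.51.100.7\t583
1585300001.09\t198.51.100.7\t192.168.1.23\t1514
1585300002.40\t192.168.1.23\t224.0.0.251\t120
1585300003.77\t192.168.1.23\t192.168.1.1\t90
1585300004.12\t192.168.1.23\t203.0.113.10\t1400
"""

# Peers that never transit the VPN: LAN, link-local, multicast, broadcast.
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "169.254.0.0/16", "224.0.0.0/4", "255.255.255.255/32")]

def is_local(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def find_leaks(tshark_fields, device_ip, vpn_server_ip):
    """Return {peer: {"packets": n, "bytes": b}} for every non-local peer,
    other than the VPN server, that exchanged packets with the device."""
    leaks = {}
    for line in tshark_fields.splitlines():
        parts = line.split("\t")
        if len(parts) != 4 or not parts[1] or not parts[2]:
            continue  # non-IPv4 frame or malformed row
        # tshark joins repeated fields with commas; the outer header is first.
        src, dst = parts[1].split(",")[0], parts[2].split(",")[0]
        if device_ip not in (src, dst):
            continue
        peer = dst if src == device_ip else src
        try:
            if peer == vpn_server_ip or is_local(peer):
                continue
            size = int(parts[3])
        except ValueError:
            continue  # unparsable address or length
        entry = leaks.setdefault(peer, {"packets": 0, "bytes": 0})
        entry["packets"] += 1
        entry["bytes"] += size
    return leaks

if __name__ == "__main__":
    for peer, stats in find_leaks(SAMPLE, "192.168.1.23", "203.0.113.10").items():
        print(f"outside tunnel: {peer} {stats}")
```

An empty result after the VPN has connected means only tunnel and local traffic was seen; any remaining peer is a connection that survived outside the tunnel.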
No other VPN service can provide a workaround for this issue, because iOS does not permit VPN applications to terminate existing network connections.