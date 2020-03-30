Researchers Find Bug Existing Since iOS 13.3.1 Which Interferes With VPNs Encrypting Traffic

It has been reported that there is currently an unpatched security vulnerability affecting iOS 13.3.1 or later which prevents virtual private networks (VPNs) from encrypting all traffic and can lead to some Internet connections bypassing VPN encryption to expose users’ data or leak their IP addresses.

While connections made after connecting to a VPN on your iOS device are not affected by this bug, all previously established connections will remain outside the VPN’s secure tunnel as ProtonVPN disclosed. This VPN bypass vulnerability (rated with a 5.3 CVSS v3.1 base score) and was disclosed by ProtonVPN to make users and other VPN providers aware of the issue.

EXPERTS COMMENTS
Craig Young, , Principal Security Researcher ,  Tripwire
March 30, 2020
Employees using VPN to access corporate network resources as opposed to for anonymity would be less impacted.
This kind of bug could be a big concern for people who rely on VPN technology for privacy. In this scenario, users may falsely believe their secure tunnel is shielding all personal data from nearby observers, network administrators, and remote site operators. In this case however, it is possible for data to be sent underprotected or for a real IP address to show up in remote server logs. Many use ....
