![]() This article reports a security vulnerability discovered in Apple’s iOS version 13.4 that prevents VPNs from encrypting all traffic.įrom time to time we may encounter vulnerabilities in third-party software, which in the future will be disclosed after 90 days in accordance with our responsible disclosure program. UPDATE June 1, 2020: Apple’s release notes for iOS version 13.5 do not mention this issue, and we have confirmed that the bug still exists in the new version. UPDATE July 24, 2020: We can confirm this bug still exists in iOS version 13.6. 16, 2020: We can confirm this bug still exists in iOS version 13.7. We will be adding this capability in an upcoming release of Proton VPN. By enabling Kill Switch, existing connections will be blocked whenever VPN is enabled. 19, 2020: Although Apple has not fixed the VPN bypass problem directly on iOS 14, they have provided the kill switch capability to app developers. We call on Apple to make a fully secure online experience accessible to everyone, not just those who enroll in a proprietary remote device management framework designed for enterprises. Apple has stated that their traffic being VPN-exempt is “expected”, and that “Always On VPN is only available on supervised devices enrolled in a mobile device management (MDM) solution”. Unfortunately, its fixes have been problematic. We’ve raised this issue with Apple multiple times. But if you use Proton VPN while connected to public WiFi, your sensitive traffic still cannot be monitored. However, some are long-lasting and can remain open for minutes to hours outside the VPN tunnel. Most of these connections are short-lived and eventually are re-established through the VPN tunnel on their own. This is similar to the situation we reported two years ago. 18, 2022: Recent testing has shown that while the kill switch capability Apple provided to developers with iOS 14 does in fact block additional network traffic, certain DNS queries from Apple services can still be sent from outside the VPN connection. 13, 2022: Reports indicate that Apple has not fixed the problem in iOS 16.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |