Apple Declined to Fix iOS VPN Vulnerability Despite Being Told About It Two Years Ago, Claims Researcher

Apple has allegedly declined to fix an iOS vulnerability affecting VPNs despite being told about it two years ago. According to a researcher, Apple is also the only company capable of fixing the issue.

CEO of Proton Released a Statement About How Apple Knew About an Issue Two Years Ago But Did Nothing

According to the story by Ars Technica, Andy Yen, the founder and CEO of Proton, released a statement expressing his disappointment over the issue. He stated that Proton first notified Apple two years ago and chose to do so privately.

Apple then declined to fix the issue and, as per Yen, this is why Proton is now disclosing the vulnerability so that the public can protect themselves. The CEO noted that with millions of users, their security is in the hands of Apple.

Security Researcher Says Apple iOS Devices Don't Fully Route All Network Traffic Through VPNs

It was also highlighted that Apple is the only one capable of fixing the issue, but given the lack of action despite being alerted two years ago, Yen notes that he isn't that optimistic that "Apple will do the right thing."

As per a security researcher, Apple's iOS devices "do not fully route all network traffic through VPNs as a user might expect." It was also mentioned that Apple has already known about the potential security issue for years.

iOS VPNs Did Not Kill Existing Connections Before Making a New Connection

A longtime computer security blogger and researcher, Michael Horowitz, released an updated blog post saying "VPNs on iOS are broken." He also explained that iOS VPNs don't kill existing connections "before establishing a secure connection so that they can be re-established inside the tunnel."

Horowitz noted that data exits the iOS device outside of the VPN tunnel and that this is not just a classic DNS leak but an actual data leak. The security researcher was able to confirm this using different types of VPN and software from different VPN providers.


Privacy Company Explained How VPNs Typically Work

Proton, a privacy company, released a report stating that the iOS VPN bypass vulnerability dates back to at least iOS 13.3.1. Just like the post by Horowitz, ProtonVPN's blog post specified that a VPN typically closes existing connections.

After those connections are closed, they are reopened inside the VPN tunnel, but this does not happen on iOS. A lot of the existing connections will eventually end up inside the tunnel, but not all of them.

Some of the connections, like Apple's push notification service, can last for hours outside of the tunnel. While VPNs reportedly route your data, the question is whether they are able to do this instantly.
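The behavior described above can be checked from flow records taken at the router. The following is an added example, not code from Horowitz, Proton or Tech Times; the record layout, addresses, ports and timestamps are constructed, and the function name is hypothetical. It reports connections that were opened before the tunnel came up and were still carrying traffic outside it afterwards.

```python
# Constructed flow records as a router might log them on its WAN side:
# (seconds since capture start, source IP, source port, destination IP, destination port)
# All addresses are documentation ranges and stand in for real hosts.
DEVICE = "192.168.1.20"        # assumed address of the iOS device
VPN_SERVER = "203.0.113.10"    # assumed address of the VPN endpoint
TUNNEL_UP = 100                # second at which the VPN client reported "connected"

FLOWS = [
    (10,   DEVICE, 50001, "198.51.100.7", 5223),  # long-lived connection opened before the VPN
    (40,   DEVICE, 50002, "192.0.2.44",   443),   # short connection that ends before the VPN
    (100,  DEVICE, 50003, VPN_SERVER,     51820), # tunnel traffic starts
    (400,  DEVICE, 50001, "198.51.100.7", 5223),  # old connection still talking outside the tunnel
    (7300, DEVICE, 50001, "198.51.100.7", 5223),  # ... and still there two hours later
    (7350, DEVICE, 50003, VPN_SERVER,     51820),
]


def lingering_connections(flows, device, vpn_server, tunnel_up):
    """Return {(sport, dst, dport): seconds} for connections from `device` that
    existed before `tunnel_up` and were still seen outside the tunnel after it.

    `flows` must be sorted by timestamp. The value is how long after tunnel
    establishment the connection was last observed bypassing the VPN.
    """
    first_seen, last_seen = {}, {}
    for ts, src, sport, dst, dport in flows:
        if src != device or dst == vpn_server:
            continue  # other hosts, or traffic that is correctly inside the tunnel
        conn = (sport, dst, dport)
        first_seen.setdefault(conn, ts)
        last_seen[conn] = ts
    return {
        conn: last_seen[conn] - tunnel_up
        for conn in first_seen
        if first_seen[conn] < tunnel_up < last_seen[conn]
    }


if __name__ == "__main__":
    for (sport, dst, dport), secs in lingering_connections(
            FLOWS, DEVICE, VPN_SERVER, TUNNEL_UP).items():
        print(f"{DEVICE}:{sport} -> {dst}:{dport} outside tunnel for {secs}s after VPN up")
```

Any entry in the result is a connection that was never closed and re-established inside the tunnel.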


This article is owned by Tech Times

Written by Urian B.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.