Search

iOS Still Has Unpatched VPN-Related Issue 2 Years After Disclosure; iPhone Users' Data at Risk: Researcher

Researcher says iOS bug does not hide existing Internet connections once VPN is enabled.

Advertisement
Highlights
  • The issue was first reported by ProtonVPN in 2020
  • Apple has provided an optional solution for this
  • Apple has yet to issue a response on this
iOS Still Has Unpatched VPN-Related Issue 2 Years After Disclosure; iPhone Users' Data at Risk: Researcher

VPN apps provide a cloak to your online activity

Photo Credit: Justin Sullivan/ Getty Images North America/ AFP

VPNs on iOS are leaking user data due to an issue that was first disclosed to Apple privately about 2 years ago, a researcher has claimed. As per the issue, the unpatched security vulnerability does not let an iOS handset fully route all network traffic through VPN apps as it is expected to be and some data leaves the device outside of the VPN tunnel. This flaw was first disclosed to Apple by ProtonVPN in 2020, however, the researcher has said that the Cupertino-based company hasn't plugged the vulnerability yet.

Researcher Michael Horowitz claimed in a blog post that VPN apps on iOS appear to work fine at first i.e., “the iOS device gets a new public IP address and new DNS servers” like the way it should. The data is sent to the VPN server but the researcher says that a detailed inspection of data leaving the iOS device shows that the VPN tunnel leaks. “Data leaves the iOS device outside of the VPN tunnel. This is not a classic/legacy DNS leak, it is a data leak,” Horowitz added.

A VPN is used to encrypt traffic. Once enabled, it will give the device a new IP address, DNS servers, and a tunnel for new traffic by closing existing Internet connections as well as re-establishing them through the VPN tunnel. However, the bug in iOS restricts the operating system from hiding all existing Internet connections and/or “leaking” data outside the VPN tunnel bringing some major security concerns.

In order to better understand, consider a movie-like scenario in which you are driving a red car and anyone can track you by following you on a helicopter. When you enter a tunnel, the helicopter cannot see you from above and you come outside driving a white car which serves as a cloak for your identity. But if there is a flaw in that cloak that gives away the information, it could allow the trackers to identify it is you. Apple has yet to issue a response on the issue, and we've reached out for comment.

The researcher also claims that he confirmed this data leak using multiple types of VPN and software from multiple VPN providers. He tested it on the latest version of iOS (iOS 15.6). The issue was first publicly reported by ProtonVPN in 2020 and at that time iPhone models were running iOS v13. As per a report, Apple has not yet fully fixed the problem and has provided a solution to this.

Ars Technica cited Proton founder and CEO Andy Yen as saying, “The fact that this is still an issue is disappointing to say the least. We first notified Apple privately of this issue two years ago. Apple declined to fix the issue, which is why we disclosed the vulnerability to protect the public. Millions of people's security is in Apple's hands, they are the only ones who can fix the issue, but given the lack of action for the past two years, we are not very optimistic Apple will do the right thing.”


Missed Apple's WWDC 2022? We discuss every major announcement on Orbital, the Gadgets 360 podcast. Orbital is available on Spotify, Gaana, JioSaavn, Google Podcasts, Apple Podcasts, Amazon Music and wherever you get your podcasts.
Affiliate links may be automatically generated - see our ethics statement for details.

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: iOS, VPN bypass vulnerability, Apple
 
Show Full Article
Please wait...
Advertisement

Related Stories

Popular Mobile Brands
  1. OnePlus Pad 3 With 12,140mAh Battery Launched in India: Check Features
  2. Our Fault OTT Release Date: When and Where to Watch Final Chapter of Culpables Online?
  3. Best Smartphones Under Rs 25,000 in India: Check List
  4. OnePlus 13s Launched in India: Know Price, Specifications and More
  5. Redmi Pad 2 With 9,000mAh Battery Launched in Global Markets: See Price
  6. OnePlus 13s vs iQOO 13: Price in India, Specifications Compared
  7. Oppo Teases Launch of New Smartphone in India; Could Be Reno 14
  8. Hugging Face's New Robotics AI Model Can Run Locally on a MacBook
  1. Hugging Face Releases SmolVLA Open Source AI Model For Robotics Workflows
  2. Redmi Pad 2 With 9,000mAh Battery, MediaTek Helio G100 Ultra Chip Launched: Price, Specifications
  3. Alphabet CEO Expects to Keep Hiring Engineers as AI Advances
  4. Amazon Said to Be Preparing to Test Humanoid Robots for Deliveries
  5. Google Doubles Gemini 2.5 Pro Rate Limit for Google AI Pro Subscribers
  6. Apple Said to Have Given iPhone Repair Business to Tata India as Partnership Expands
  7. Huawei Pura 80 Pro, Pura 80 Pro+ Design Teased; Pre-Reservation Begin
  8. Mistral Code AI-Powered Coding Assistant Introduced for Enterprise Developers
  9. Nothing Headphone 1 Launch Date Set for July 1, to Arrive Alongside Nothing Phone 3
  10. Ethereum Foundation Announces Overhauled Treasury Strategy Amid Scaling Push
Gadgets 360 is available in
Download Our Apps
App Store App Store
Available in Hindi
App Store
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.
Trending Products »
Latest Tech News »