An unpatched bug in iOS version 13.3.1 or later prevents VPNs from working properly, which can open users up to data breaches. The vulnerability, disclosed by ProtonVPN, does not terminate a connection when the user connects to a VPN, which means that if it remains active, unencrypted data could be transferred and possibly intercepted. Unencrypted data can easily reveal personal details such as IP address, location, or even expose users and servers to cyber attacks.
IOS vulnerability
"Most connections are short-lived and will eventually re-establish themselves through the VPN tunnel," ProtonVPN said. "However, some are durable and can be left open for minutes or hours outside of the VPN tunnel." Connections made after turning on the VPN tunnel remain secure, and while most other operating systems terminate existing connections, iOS for some reason keeps older versions alive. ProtonVPN researchers cited an example of Apple push notifications using a process to communicate with Apple servers for a long time. This connection does not end automatically and may affect any service or application on the user's iOS device. Although this bug has no impact on the average user, "people in countries where surveillance and civil rights violations are common" are at high risk, ProtonVPN noted. Due to security limitations, no third-party apps or VPNs can terminate these open connections on iOS. The report also suggests that Apple has recognized the VPN bypass vulnerability, and until it releases a fix, recommends that customers use an always-on VPN. People using other VPN apps can manually kill all active connections by turning Airplane mode on and off after connecting to a VPN. While this solution can kill most active connections, it may not be a 100% effective solution.- Let us help you choose the best VPN options