
A serious vulnerability affecting VPN connections is present in iOS 13.3.1 and later. Because of it, not all network traffic is encrypted. The bug was pointed out by ProtonVPN, which was also the first to discover it. The flaw allows traffic to bypass VPN encryption, potentially compromising the security of user data and exposing the user's IP address.

When a VPN connection is activated, on iOS and iPadOS as on other operating systems, all existing network connections should be terminated and then re-established in encrypted form. However, due to a bug that first appeared in iOS 13.3.1 and has not yet been fixed, this does not happen when connecting to a VPN. Instead of all connections being terminated and restarted encrypted, some remain open, which lets that traffic bypass VPN encryption. Such unsecured connections can reveal data and the user's IP address, and with it potentially the user's identity. According to ProtonVPN, the bug also puts at risk users in countries where citizens are monitored and their rights are violated.

Only certain processes with short-lived connections "behave" in the vulnerable manner described above. One example is Apple's push notification system. Unfortunately, there is nothing the makers of VPN apps and tools can do about the bug. Users have no choice but to end and re-establish all network connections manually. They do this by activating Airplane mode, which they deactivate again after connecting to a VPN. Activating Airplane mode immediately and completely terminates all ongoing connections. They are then restored in encrypted form once the VPN is active. The described workaround is currently the only way to deal with this bug. Apple is reportedly aware of the vulnerability, so it's likely that users will see a fix in one of the next iOS updates.
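
One way to check a device for the behavior described above is to look at its traffic from the network side. The following Python sketch is an added example, not code from ProtonVPN or Apple: it assumes packet summaries captured on the Wi-Fi gateway, and all addresses, ports and timestamps in it are constructed sample values.

```python
import ipaddress
from collections import namedtuple

# One captured packet summary: time (s), source IP/port, destination IP/port.
Packet = namedtuple("Packet", "ts src sport dst dport")

def find_bypassing_flows(packets, device_ip, vpn_server_ip, vpn_up_ts, local_net):
    """Return remote endpoints the device still talks to outside the tunnel
    after the VPN came up, and whether each one was already open before."""
    lan = ipaddress.ip_network(local_net)
    seen_before, leaks = set(), {}
    for p in sorted(packets, key=lambda pkt: pkt.ts):
        if p.src == device_ip:
            peer = (p.dst, p.dport)
        elif p.dst == device_ip:
            peer = (p.src, p.sport)
        else:
            continue  # traffic of some other host on the network
        # Tunnel packets and LAN-only traffic are expected on the wire.
        if peer[0] == vpn_server_ip or ipaddress.ip_address(peer[0]) in lan:
            continue
        if p.ts < vpn_up_ts:
            seen_before.add(peer)
        else:
            entry = leaks.setdefault(
                peer, {"packets": 0, "pre_existing": peer in seen_before})
            entry["packets"] += 1
    return leaks

# Constructed sample capture (all values are illustrative assumptions).
DEVICE, VPN_SERVER, LAN, VPN_UP = "192.168.1.23", "203.0.113.10", "192.168.1.0/24", 10.0
SAMPLE = [
    Packet(1.0, DEVICE, 50001, "198.51.100.5", 5223),   # opened before the VPN
    Packet(2.0, DEVICE, 50002, "192.0.2.80", 443),      # finished before the VPN
    Packet(2.1, "192.0.2.80", 443, DEVICE, 50002),
    Packet(10.2, DEVICE, 50003, VPN_SERVER, 1194),      # tunnel traffic
    Packet(12.0, VPN_SERVER, 1194, DEVICE, 50003),
    Packet(12.5, DEVICE, 50004, "192.168.1.1", 53),     # LAN traffic, ignored
    Packet(45.0, "198.51.100.5", 5223, DEVICE, 50001),  # still outside the tunnel
    Packet(45.1, DEVICE, 50001, "198.51.100.5", 5223),
]

if __name__ == "__main__":
    for peer, info in find_bypassing_flows(SAMPLE, DEVICE, VPN_SERVER, VPN_UP, LAN).items():
        print(peer, info)
```

An empty result after the Airplane mode workaround indicates that no connection from before the VPN activation survived outside the tunnel.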
