SCITECH

iPhone VPN app security 'broken', Apple issues a fix

Apple is warning on August 18, 2022, of a flaw that is allowing hackers to seize control of iPhones, iPads and Mac computers, and is urging users to install emergency software updates.
 
Apple is warning on August 18, 2022, of a flaw that is allowing hackers to seize control of iPhones, iPads and Mac computers, and is urging users to install emergency software updates.
San Francisco - After a security researcher claimed that iOS VPN (virtual private networks) apps are broken due to a flaw, Apple said it has already offered a fix. However, ProtonVPN says its only a partial solution.

According to security researcher Michael Horowitz, VPNs on iOS are broken.

'At first, they appear to work fine. The iOS device gets a new public IP address and new DNS servers. Data is sent to the VPN server. But, over time, a detailed inspection of data leaving the iOS device shows that the VPN tunnel leaks,' he wrote in a blog post.

'This is not a classic/legacy DNS leak, it is a data leak. I confirmed this using multiple types of VPN and software from multiple VPN providers,' he claimed, saying that Apple knows about this flaw for at least two and a half years.

Apple insists it has offered a fix since 2019, while ProtonVPN says that it's only a partial solution, reports 9to5Mac.

ProtonVPN said that this vulnerability has been present on iOS devices since at least iOS 13.3.1 and that there is no 100 percent reliable way of ensuring that your data is being sent via the VPN.

Apple introduced an optional fix for this issue in iOS 14, but questions remain.

'The fact that this is still an issue is disappointing, to say the least. We first notified Apple privately of this issue two years ago. Apple declined to fix the issue, which is why we disclosed the vulnerability to protect the public,' according to Proton founder and CEO, Andy Yen.