iPhone VPN app security 'broken', Apple says issued a fix


San Francisco, Aug 20 (IANS): After a security researcher claimed that iOS VPN (virtual private networks) apps are broken due to a flaw, Apple said it has already offered a fix. However, ProtonVPN says its only a partial solution.

According to security researcher Michael Horowitz, VPNs on iOS are broken.

"At first, they appear to work fine. The iOS device gets a new public IP address and new DNS servers. Data is sent to the VPN server. But, over time, a detailed inspection of data leaving the iOS device shows that the VPN tunnel leaks," he wrote in a blog post.

"This is not a classic/legacy DNS leak, it is a data leak. I confirmed this using multiple types of VPN and software from multiple VPN providers," he claimed, saying that Apple knows about this flaw for at least two and a half years.

Apple insists it has offered a fix since 2019, while ProtonVPN says that it's only a partial solution, reports 9to5Mac.

ProtonVPN said that this vulnerability has been present on iOS devices since at least iOS 13.3.1, and that there is no 100 per cent reliable way of ensuring that your data is being sent via the VPN.

Apple introduced an optional fix for this issye in iOS 14, but questions remain.

"The fact that this is still an issue is disappointing to say the least. We first notified Apple privately of this issue two years ago. Apple declined to fix the issue, which is why we disclosed the vulnerability to protect the public," according to Proton founder and CEO, Andy Yen.

 

  

Top Stories


Leave a Comment

Title: iPhone VPN app security 'broken', Apple says issued a fix



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.