Archived Post

Bug in iOS 13.3.1 (and higher) prevents VPNs from encrypting all traffic

A currently unpatched security vulnerability affecting iOS 13.3.1 or later prevents virtual private networks (VPNs) from encrypting all traffic and can lead to some Internet connections bypassing VPN encryption to expose users’ data or leak their IP addresses, reports Bleeping Computer.

The article says the glitch was discovered by a security consultant part of the Proton community and was disclosed by ProtonVPN to make users and other VPN providers aware of the issue. Until iOS is updated with a fix, Apple recommends using Always-on VPN, which gives your organization full control over device traffic by tunneling all IP traffic back to the organization. The default tunneling protocol, IKEv2, secures traffic transmission with data encryption. Your organization can now monitor and filter traffic to and from devices, secure data within your network, and restrict device access to the Internet.

However, Bleeping Computer says that since this workaround uses device management, it can’t be used to mitigate the vulnerability for third-party VPN apps such as ProtonVPN. ProtonVPN recommends these steps if you’re using a third-party VPN:

  • Connect to a VPN server.

  • Turn on airplane mode. This will kill all Internet connections and temporarily disconnect the VPN. 

  • Turn off airplane mode. The VPN will reconnect, and your other connections should also reconnect inside the VPN tunnel (not 100% reliable)

Dennis Sellers
the authorDennis Sellers
Dennis Sellers is the editor/publisher of Apple World Today. He’s been an “Apple journalist” since 1995 (starting with the first big Apple news site, MacCentral). He loves to read, run, play sports, and watch movies.