Ghosties using iPhones and iPads, we have some not-so-great news for you.
There’s an unpatched iOS bug out there, blocking VPN apps from encrypting all your internet traffic.
The bug was first discovered in iOS version 13.3.1, but it made it to the latest iOS version, 13.4.
It’s been rated with a 5.3 CVSS v3.1 base score. It’s a Medium.
As of now, Apple hasn’t disclosed any plans for a patch.
What’s going on
Every time you establish a connection to a VPN server on an iOS device, all your previously existing internet connections and apps are supposed to be terminated and restarted.
The process ensures that everything then connects through the VPN’s encrypted tunnel. It’s essentially how a VPN works.
With VPN software, you can hide your IP address and enforce the VPN’s IP address through all apps.
However, this iOS bug causes some internet connections to continue using your original IP address. You’re left with privacy and security concerns, vulnerable to network snooping.
What we know about the bug
The bug was first reported by Proton VPN, who dubbed it the “VPN bypass bug.”
According to them, the bug’s behavior is quite erratic. Some connections re-establish through the VPN tunnel after a short while, others take anywhere from minutes to hours.
For example, Apple’s push notification service seems to maintain a long connection between the device and Apple’s servers.
It’s still not clear how this bug affects messaging, banking, or social media apps, which generally contain more sensitive personal information.
What you can do right now
There is no reliable workaround for the bug yet.
But there are some things you should keep in mind:
- Internet connections established after you connect to VPN are not affected.
- There’s no guarantee that connections established before opening a VPN will close and restart. There’s also no estimate on how long these will remain unencrypted.
- It’s best to force shut down all apps before connecting to a VPN, to prevent having your IP address exposed.
- A VPN app, like CyberGhost VPN, can only access your network settings to encrypt your internet traffic. It should not have permission to access other apps or change connection settings in third-party apps.
If you’re using CyberGhost VPN on an iOS device (iPhone or iPad), make sure to follow these recommendations.
However, if you’re a Ghostie using any other device, everything’s okay for you.
We’ll keep updating this article as the story develops.
Until next time, stay safe and secure!