1. IT-Security >
  2. Cyber Security Nachrichten >
  3. Unpatched iOS Bug Blocks VPNs From Encrypting All Traffic

ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

Unpatched iOS Bug Blocks VPNs From Encrypting All Traffic


IT Security Nachrichten vom | Direktlink: it.slashdot.org Nachrichten Bewertung

An anonymous reader quotes a report from Bleeping Computer: A currently unpatched security vulnerability affecting iOS 13.3.1 or later prevents virtual private network (VPNs) from encrypting all traffic and can lead to some Internet connections bypassing VPN encryption to expose users' data or leak their IP addresses. While connections made after connecting to a VPN on your iOS device are not affected by this bug, all previously established connections will remain outside the VPN's secure tunnel as ProtonVPN disclosed. The bug is due to Apple's iOS not terminating all existing Internet connections when the user connects to a VPN and having them automatically reconnect to the destination servers after the VPN tunnel is established. "Most connections are short-lived and will eventually be re-established through the VPN tunnel on their own," ProtonVPN explains. "However, some are long-lasting and can remain open for minutes to hours outside the VPN tunnel." During the time the connections are outside of the VPN secure communication channels, this issue can lead to serious consequences. For instance, user data could be exposed to third parties if the connections are not encrypted themselves, and IP address leaks could potentially reveal the users' location or expose them and destination servers to attacks. Until Apple provides a fix, the company recommends using Always-on VPN to mitigate this problem. "However, since this workaround uses device management, it cannot be used to mitigate the vulnerability for third-party VPN apps such as ProtonVPN," the report adds.

Read more of this story at Slashdot.

...

Externe Webseite mit kompletten Inhalt öffnen



https://it.slashdot.org/story/20/03/26/2030204/unpatched-ios-bug-blocks-vpns-from-encrypting-all-traffic?utm_source=rss1.0mainlinkanon&utm_medium=feed

Team Security Social Media

➤ Weitere Beiträge von Team Security | IT Sicherheit

  • SQL Injection Payload List

    vom 300.89 Punkte ic_school_black_18dp
    SQL InjectionIn this section, we'll explain what SQL injection is, describe some common examples, explain how to find and exploit various kinds of SQL injection vulnerabilities, and summarize how to prevent SQL injection.What is SQL injection (SQLi)?SQL
  • Malcolm - A Powerful, Easily Deployable Network Traffic Analysis Tool Suite For Full Packet Capture Artifacts (PCAP Files) And Zeek Logs

    vom 292.5 Punkte ic_school_black_18dp
    Malcolm is a powerful network traffic analysis tool suite designed with the following goals in mind: Easy to use – Malcolm accepts network traffic data in the form of full packet capture (PCAP) files and Zeek (formerly Bro) logs. These artifacts can be
  • Unpatched iOS Bug Blocks VPNs From Encrypting All Traffic

    vom 234.15 Punkte ic_school_black_18dp
    An anonymous reader quotes a report from Bleeping Computer: A currently unpatched security vulnerability affecting iOS 13.3.1 or later prevents virtual private network (VPNs) from encrypting all traffic and can lead to some Internet connections bypassing
  • AA20-183A: Defending Against Malicious Cyber Activity Originating from Tor

    vom 207.83 Punkte ic_school_black_18dp
    Original release date: July 1, 2020SummaryThis advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) and Pre-ATT&CK framework. See the ATT&CK for Enterprise and Pre-ATT&CK frameworks for referenced threat actor techniques. This ad
  • TA18-106A: Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices

    vom 201.24 Punkte ic_school_black_18dp
    Original release date: April 16, 2018Systems Affected Generic Routing Encapsulation (GRE) Enabled DevicesCisco Smart Install (SMI) Enabled DevicesSimple Network Management Protocol (SNMP) Enabled Network DevicesOverview This joint Technical Alert (TA) is the result of analy
  • Best Apple iPhone iOS Apps List: (April 2020)

    vom 168.07 Punkte ic_school_black_18dp
    Best Apple iPhone iOS Apps List (2020) There are thousands of iOS apps available on the app store to choose from - so many, in fact, choosing the right and time-saving productivity apps/ tools have changed the way we communicate, watch TV and play games. or i
  • Protecting against unintentional regressions to cleartext traffic in your Android apps

    vom 150.18 Punkte ic_school_black_18dp
    Posted by Alex Klyubin, Android Security team When your app communicates with servers using cleartext network traffic, such as HTTP, the traffic risks being eavesdropped upon and tampered with by third parties. This may leak information about your users
  • Protecting against unintentional regressions to cleartext traffic in your Android apps

    vom 150.18 Punkte ic_school_black_18dp
    Posted by Alex Klyubin, Android Security team When your app communicates with servers using cleartext network traffic, such as HTTP, the traffic risks being eavesdropped upon and tampered with by third parties. This may leak information about your users
  • AA20-031A: Detecting Citrix CVE-2019-19781

    vom 143.26 Punkte ic_school_black_18dp
    Original release date: January 31, 2020SummaryUnknown cyber network exploitation (CNE) actors have successfully compromised numerous organizations that employed vulnerable Citrix devices through a critical vulnerability known as CVE-2019-19781.[1] Though mitiga
  • Scrounger - Mobile Application Testing Toolkit

    vom 142.3 Punkte ic_school_black_18dp
    Scrounger - a person who borrows from or lives off others. There is no better description for this tool for two main reasons, the first is because this tool takes inspiration from many other tools that have already been published, the second reason is because it lives off mobile application's vulnerabilities. Why Even t
  • Strictly Enforced Verified Boot with Error Correction

    vom 130.79 Punkte ic_school_black_18dp
    Posted by Sami Tolvanen, Software Engineer Overview Android uses multiple layers of protection to keep users safe. One of these layers is verified boot, which improves security by using cryptographic integrity checking to detect changes to the operating syste
  • Strictly Enforced Verified Boot with Error Correction

    vom 130.79 Punkte ic_school_black_18dp
    Posted by Sami Tolvanen, Software Engineer Overview Android uses multiple layers of protection to keep users safe. One of these layers is verified boot, which improves security by using cryptographic integrity checking to detect changes to the operating syste

Team Security Diskussion über Unpatched iOS Bug Blocks VPNs From Encrypting All Traffic