Skip to main content

Yet another critical VPN-related bug found in iOS 16

It was sometime in May when a security expert first revealed that iPhone VPN apps were leaking users' data, claiming that Apple wasn't doing anything to fix it

Now, only a few months later, another major issue has been found when using VPN software on iOS. In this instance, some of people's most sensitive information is in real danger.  

Another expert has recently discovered that many Apple apps, including Health and Wallet, send users' private data outside an active VPN tunnel. 

However, the best VPN services are not the ones to blame here. 

See more

Apple apps bypass VPN encryption

"We confirm that iOS 16 does communicate with Apple services outside an active VPN tunnel. Worse, it leaks DNS requests," developer and security researcher Tommy Mysk tweeted on October 12.

Theoretically, when you connect to a secure VPN, your data is encrypted and passed through one of its international servers before it reaches it destination. This means that neither your ISP, nor any other third party should be able to access this flow of information. Similarly, the websites you visit won't be able to define your real IP address or any other identifying details.

Read more

> VPNs on iOS are "broken" and Apple doesn't seem to be doing anything to fix it

> Discover what is Apple Private Relay and if it's worse than a VPN

> Our pick of the best Mac VPN apps around right now

Mysk ran a few tests on iOS 16 with both Proton VPN and Wireshark active. To his dismay, he and his team found out that many Apple apps actually ignore the VPN tunnel and exchange data directly with Apple servers.

What's worse, the applications leaking data are actually those managing the most private and sensitive information. These are Health, Wallet, Apple Store, Clips, Files, Find My, Maps and Settings.  

Talking about the reasons behind this bug, Myks seems to believe that Apple does so intentionally. 

"There are services on the iPhone that require frequent contact with Apple servers, such as Find My and Push Notifications. However, I don’t see an issue of tunneling this traffic in the VPN connection. The traffic is encrypted anyways,”  he told 9to5Mac, adding that they didn't expect such an amount of traffic to be exposed. 

Not just iOS VPN

As Mysk confirms during his testing, iPhone and iPad users are not the only ones risking their privacy. 

"I know what you're asking yourself and the answer is YES. Android communicates with Google services outside an active VPN connection, even with the options Always-on and Block Connections without VPN," he said. 

Just a few days ago we reported on Mullvad VPN's findings that Android devices are quietly undermining VPN services during its last security audit. 

Here, Android VPNs expose users' data while performing connectivity checks when accessing some Wi-Fi networks.  

The VPN provider pledged Google to add an option to opt out for these checks when the VPN is active, but the big tech giant believes there's no need for this. This is why Mullvad is now pushing for at least changing the "misleading" description of its VPN-related features.   



Source: TechRadar
Labels:

Popular posts from this blog

Apple and Meta Reportedly Discussed AI Partnership for iOS 18

Apple has held discussions with Meta about integrating the Facebook owner's AI model into iOS 18 as part of its Apple Intelligence feature set, according to a report over the weekend. Meta launched Llama 2, its large language model, in July 2023, and in April, the company released the latest versions of its AI models, called Llama 3 . The Wall Street Journal reports that the two longtime rivals have held talks about offering Meta's model as an additional option to OpenAI's ChatGPT. The paywalled report notes that the discussions haven't been finalized and could fall through. As part of Apple Intelligence, Apple has announced a partnership with OpenAI that will allow Siri to access ChatGPT directly in iOS 18, iPadOS 18, and macOS Sequoia to provide better responses in relevant situations. Using ChatGPT will be optional, so users with concerns about the technology can abstain and still make use of Apple's own new AI features. Speaking at WWDC 2024, Apple's
Read more

Here Are the macOS Sequoia Features Intel Macs Won't Support

When Apple released macOS Monterey in 2021, some key features required a Mac with Apple silicon. The same scenario played out with macOS Ventura in 2022, and then again the following year with the release of macOS Sonoma. With macOS Sequoia set to arrive in the fall, which new features can Intel Mac owners expect to be unavailable to them this time around? Apple says that macOS Sequoia is compatible with the same Macs as macOS Sonoma, but Apple's fine print reveals that certain new features won't work on Intel machines. If you're still on an Intel Mac, here's what you won't have access to. Apple Intelligence Apple Intelligence , a deeply integrated, personalized AI feature set for Apple devices that uses cutting-edge generative artificial intelligence to enhance the user experience, won't be available on Intel Macs. Apple says the advanced features require its M1 chip or later, so if your Mac was released before November 2020, you're out of luck. T
Read more

iPhone 16 Pro Models to Adopt 'M14' Advanced Samsung OLED Panels for Improved Brightness and Lifespan

The upcoming iPhone 16 Pro and iPhone 16 Pro Max will be the first Apple smartphones to adopt Samsung's high performance "M14" OLED display panel, claims a new report coming out of South Korea. According to ETNews , Samsung's "M" series of OLED panels are made for flagship smartphones, while "14" refers to the number of high-performance materials used to produce them. "M14" is the first series of its kind, and the panel is said to have been developed to deliver superior brightness and longevity. Samsung has reportedly placed orders for the M14 materials and is preparing to mass produce the displays in the second half of the year for Apple's iPhone 16 Pro models. Google's Pixel 9 smartphone is the only other device that is expected to adopt the high-performance displays in 2024. A previous report out of China claimed that this year's ‌iPhone 16 Pro‌ models will feature up to 1,200 nits of typical SDR brightness – a 20%
Read more

Apple Boosts A18 Chip Orders in Anticipation of High iPhone 16 Demand

Apple is said to have upped its order of next-generation chips from TSMC to between 90 million and 100 million units, following heightened demand expectations for its iPhone 16 series. Last year's initial chip order volume for the iPhone 15 series launch is believed to have been in the region of 80-90 million units, suggesting Apple is anticipating higher demand for its 2024 devices, according to Taiwanese outlet CTEE . The arrival of Apple Intelligence in iOS 18 is expected to boost initial sales of the devices. One of the reasons is that Apple Intelligence requires at least an iPhone 15 Pro to run, which means owners of last year's iPhone 15 and iPhone 15 Plus will miss out on Apple's new AI features unless they upgrade to an iPhone 15 Pro or plump for one of the iPhone 16 models. Last year, the iPhone 15 and iPhone 15 Plus were equipped with the A16 Bionic chip – the same chip that was in the iPhone 14 Pro models – whereas the iPhone 15 Pro and iPhone 15 Pro Max f
Read more