Apple has left a VPN bypass vulnerability in iOS unfixed for at least two years, exposing IP traffic data that can identify users, and there’s no sign of a fix.
Back in early 2020, secure mail provider ProtonMail reported a flaw in Apple’s iOS version 13.3.1 that prevented VPNs from encrypting all traffic. The issue was that the operating system failed to close existing connections when a VPN was turned on, so those connections continued outside the encrypted tunnel.
This could allow an attacker to identify a VPN user’s source IP address. For those who rely on hiding that data to avoid attention from a repressive regime or from someone seeking private information, this is not a trivial concern.
Source: The Register