ProtonVPN has identified a vulnerability in iOS 13.3.1 and 13.4 that makes VPN connections less secure under certain circumstances. Among other things, users’ IP addresses can become transparent.
ProtonVPN describes that a community member discovered that iOS in version 13.3.1 does not close existing connections when using VPN, a bug that also appears in 13.4 and for which there is no patch yet. According to ProtonVPN, this will not cause any problems for most connections, because they are short-lived and will eventually be set up via the VPN tunnel. However, some connections may remain open for hours outside the VPN tunnel, is the warning.
As an example, the Swiss company gives the push system for notifications from iOS. “But the problem can affect any app or service, such as instant messaging applications or web beacons.” Most connections nowadays are encrypted anyway, but in those circumstances servers can see the user’s IP address instead of the VPN service. Especially for users in countries with repressive regimes, this can cause problems for users, Proton said.
In addition, VPN providers are unable to work around the problem directly, as iOS does not allow third parties to shut down connections. However, the company has discovered a workaround, in which users must connect to the VPN and then switch off and on airplane mode. The service cannot guarantee that this will completely solve the problem.