The vulnerability was initially said to affect iOS version 13.3.1. Mullvad VPN also warned of the issue in 2020.
And this year, researcher Michael Horowitz said the vulnerability exists in iOS version 15.6.1.
Security researchers at Mysk have demonstrated that iOS 16 communicates with Apple services outside of an active VPN tunnel and leaks DNS requests.
“Worse, it leaks DNS requests.
Apple services that escape the VPN connection include Health, Maps, Wallet.”
VPN users with critical privacy needs, like journalists, dissidents and activists, are especially at risk if their traffic leaks.
We confirm that iOS 16 does communicate with Apple services outside an active VPN tunnel.
Additionally, the researchers indicated that data leaks persisted even with Apple’s new Lockdown Mode enabled.
In fact, they say the leaks were worse in that mode.
Update: The Lockdown Mode leaks more traffic outside the VPN tunnel than the “normal” mode.
It also sends push notification traffic outside the VPN tunnel.
Proton VPN outlined a potential workaround in its blog post documenting the issue.
The VPN should then reconnect, and all internet connections should be re-established through the VPN tunnel.
However, Proton VPN does warn that there is no 100% guarantee that this method will work.
“The leak likewise affects VPN services across the board, not simply Proton.
This situation is obviously suboptimal, but it does not expose user browsing history or other online activity.”