The vulnerability can be exploited to reveal limited traffic data including a device’s IP address.
An unpatched bug in the latest version of Apple’s iOS is blocking virtual private network (VPN) applications from cloaking some private data transmitted between a device and the servers it is requesting data from. While the bug remains unpatched, Apple is suggesting steps users can take to reduce risk, researchers state.
The bug, outlined in a report by ProtonVPN, impacts Apple’s most recent iOS 13.4. The flaw is tied to the way VPN security software loads on iOS devices. Post launch, VPN software is supposed to terminate all internet traffic and reestablish connections as encrypted and protected. Researchers said the Apple VPN bypass bug in iOS fails to terminate all existing connections and leaves a limited amount of data unprotected, such as a device’s IP address, exposing it for a limited window of time.
In a couple of my recent diaries, we discussed two small unpatched vulnerabilities/weaknesses in Windows. One allowed us to brute-force contents of folders without any permissions, and another enabled us to change names of files and folders without actually renaming them. Today, we’ll add another vulnerability/weakness to the collection – this one will allow us to cause a temporary DoS condition for the Explorer process (i.e. we will crash it) and/or for other processes. It is interesting since all that is required for it to work is that a user opens a link or visits a folder with a specially crafted file.
Web application security, one of the most significant components in the web app extension, frequently gets ignored.
Within code development, app management, and visual design, web application security risks are frequently overlooked or not given proper focus, and this can be detrimental to the organization.
If you are looking to increase the strength of web application security and want to go commercial with your app, then you are in the right place.
BGP does a great job of identifying optimal paths across the internet, but its lack of security controls allows the protocol to be exploited.
Whenever someone asks me, “What is border gateway routing protocol (BGP)?” I always use the following analogy to explain it: BGP is like the postal service. When you address a letter and drop it in your mailbox, it is carried to its destination by people, trucks and airplanes and sorted in postal facilities. BGP works the same way, but it travels across the internet, is much faster, and instead of airplanes or postal facilities it uses routers, circuits and central offices to reach its destination.