A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HApple iPadOS
OSApple< 13.6Apple iOS
OSApple< 13.6Apple macOS
OSApple11.0Apple Mac Os X
OSApple< 10.15.6Apple tvOS
OSApple< 13.4.8Freebsd
OSFreebsdwszystkie wersjeLinux Kernel
OSLinuxwszystkie wersjeOpenbsd
OSOpenbsdwszystkie wersje
Related vulnerabilities
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
Apple: Obejście Pointer Authentication w iOS, macOS i innych platformach
Apple — memory corruption (RCE) w przetwarzaniu strumieni audio