Skip to Content
© Solarseven | Dreamstime.com
Security & privacy

This new iOS 15 feature has a flaw that could put your data at risk

Apple’s new version of iOS has been out for just a week, and there are already severe problems being detected. This isn’t unusual with the latest software releases, as bugs and flaws are bound to pop up.

Last week, two issues were reported among users who downloaded and installed iOS 15 immediately. Some iPhones showed they were almost running out of storage space when in reality, they were not. The other bug had users claiming their battery life had diminished.

Those two issues were thankfully not severe and could be explained for a variety of reasons. But a new flaw has many concerned about security. Here is how one of iOS 15’s new features can put your security at risk.

Here’s the backstory

iOS 15 brings a host of new features, one of which is the iCloud Private Relay service. Working as a virtual private network (VPN), the feature allows you to hide your IP address and DNS requests from websites and network service providers.

iCloud Private Relay makes use of several online security measures to hide your details. But security researchers at FingerprintJS found that it doesn’t use a well-known solution. A Session Traversal Utilities for NAT (STUN) server returns your public IP address and port number.

It turns out that Safari doesn’t implement a STUN request through iCloud Private Relay. What this means without getting too technical is that “STUN servers know your real IP address,” FingerprintJS explained in a blog post. Safari passes more information through other environments, which includes your actual IP address.

In short, when using the iCloud Private Relay service while browsing with Safari, you are not totally hiding your actual IP address or DNS data.

What you can do about it

Many users enjoy the functionality that a VPN service can bring. But your choices aren’t limited to Apple’s offering. Here are some things you can do to stay safe and protect yourself from the leak in the new flaw:

  • Use a trusted VPN service other than iCloud Private Relay. This will make sure that your web and phone’s traffic is routed so that nobody can see your IP address.
  • Disable JavaScript in your Safari’s browser settings. This will turn off WebRTC and protect you from this flaw.
  • Don’t use iCloud Private Relay until Apple rolls out a software fix. Apple must modify traffic routing in Safari to go through iCloud Private Relay.

The most important thing to stay safe is to stick with a VPN you can trust. We recommend our sponsor, ExpressVPN.

Get the only VPN service that Kim uses on all your digital devices today: ExpressVPN. Get three months free when you sign up for one year at ExpressVPN.com/Kim.

Keep reading

Two great reasons to get iOS 15 right now

Update your iPhone! iOS 15 here – These are the best new features

Komando.com App background

Check out the free Komando.com App!

Get the latest tech updates and breaking news on the go, straight to your phone, with the Komando.com App, available in the Apple Store and Google Play Store.

Download Now