iPhone Users Beware: Apple's iCloud Private Relay Flaw Leaks Users' True IP Address
KEY POINTS
- Apple announced the iCloud Private Relay service as part of the iOS 15 beta
- The service is now available to users following its release last week
- Apple has already patched the flaw in macOS Monterey beta
Featured as a part of the iOS 15 beta and officially released last week, the iCloud Private Relay service aims to improve users' anonymity on the web, but a new report may have revealed otherwise, claiming the service is instead giving out users’ actual IP address.
The iCloud Private Relay service is a new feature designed to prevent third-party tracking of IP addresses, user locations and more. It is essentially meant to offer users with better privacy and enhanced anonymity. However, it appears that a flaw in the system makes the service not secure, as discovered and reported by researcher and developer Sergey Mostsevenko.
According to the researcher, the flaw caused a user's real IP address to be revealed with a proof of concept available on the FingerprintJS site.
"Because Safari doesn't proxy STUN requests through iCloud Private Relay, STUN servers know your real IP address. This isn't an issue on its own, as they have no other information; however, Safari passes ICE candidates containing real IP addresses to the JavaScript environment. De-anonymizing you then becomes a matter of parsing your real IP address from the ICE candidates — something easily accomplished with a web application," the researcher explained in his report.
Surprisingly, this is not a new finding of Apple's iCloud Private Relay service. A month ago, a Reddit user who goes by the name WhatTheHomePod revealed the same flaw in the service.
"If you perform a test with Private Relay turned on at step Reflexive connectivity you'll see your address from your ISP. If you connect through a virtual private network or proxy and try the test again then nothing is leaked. I have reported this bug to Apple. Just to be aware, for the users under us," the user noted.
Apple has already fixed the iCloud Private Relay service flaw through a patch released for the macOS Monterey beta. However, the flaw in iOS 15 is still unfixed.
Thanks for reaching out to us! We understand you’re having trouble with iCloud Private Relay. We’re here to help!
— Apple Support (@AppleSupport) September 22, 2021
We recommend viewing the “If a website or network doesn’t work with Private Relay” section of this article: https://t.co/nAI1iq6Qm0
It remains to be seen when Apple plans to roll out a new patch to fix this flaw in the system that aims to enhance user's anonymity and not disclose their identity. But, knowing Apple, it should get around to it very soon.
© Copyright IBTimes 2024. All rights reserved.
-
Eiffel Tower Loses Sparkle For Parisians Ahead Of Olympics
-
Former Number One Momota Retires From International Badminton At 29
-
World Bank Aiming To Connect 250 Mn Africans To Energy Grid By 2030
-
IMF Says Global Debt Levels Face 'Great Election Year' Risk
-
Divisions Among Colombia's FARC Dissidents Complicate Peace Talks
-
French Far Right Gets Youthful Vibe With 28-year-old Leader
-
US Fed's Powell Says Inflation Fight May Take 'Longer Than Expected'
-
Mideast-related Oil Price Spike Threatens 'Relatively Good' Economic Outlook: IMF Chief Economist
-
Wine Growers 'On Tip Of Africa' Race To Adapt To Climate Change
-
Despite Olympic Truce, Games Wrestle With Political Fallout
