That's a post from April 2019 showing a very similar issue with IKEv2 VPNs leaking traffic on iOS. I wonder if the two issues are related. Back then, Apple was made aware under responsible disclosure but apparently nothing was done about it.
"The bugs were related to Apple deprecating network kernel extensions (NKEs) in Big Sur and introducing a new system called Network Extension Framework, and Apple engineers not having enough time to iron out all the bugs before the Big Sur launch last fall."
Those are my favorite recent examples, but specifically Apple has huge issues with turnaround time. They also don't communicate with or assist the researchers who found these exploits either, which makes things particularly frustrating for people who ultimately both want to secure Apple's systems. Their overt hostility, history of poor communication, and frankly pathetic bug bounties are all contributors to how people perceive Apple's relationship with security experts.
reply