Apple’s iOS 9 breaks VPNs

destroyedserverAny hopes that the fruity cargo cult Apple might make its way onto corporate systems have been dashed by the fact that its latest iOS9 breaks  Virtual Private Network (VPN) connections.

The bug was first detected in the iOS 9 beta, and Apple ignored it when it released the OS.  It then ignored it again in the current iOS 9.1 beta.  The reason might be that knowledge of the bug might prevent corporates from investing a fortune in expensive Apple gear.  Jobs’ Mob has been signing all sorts of agreements to enter the corporate market. If the IT managers find out that the OS is insecure they will not buy it.

However the outfit has not managed to keep the lid on the flaw. Cisco reported the bug on social media, claiming that they had noticed “a couple of OS regressions between iOS 8.4.1 and iOS 9 […]

“Most notable is that when doing split tunneling, the Tunnel All DNS option no longer functions as expected. This was reported to Apple under Radar # 22558059. This is not resolved in the iOS 9 release.”

Because of this incompatibility, DNS resolution will not work on their network setup. Some corporate servers will no longer be available to users, even after successful login.

The Tame Apple Press points out that the iOS 9 bug harms only VPN access. In addition to the popular Cisco AnyConnect service, reports suggest other VPN providers are also affected.

The only work around is to roll back all devices on the network to iOS 8.4.1, restoring the device backup from iTunes – and not from iCloud.  iOS backups are automatically cleared out by Apple, so .ipsw backup files may no longer be available.

The Tame Apple Press also claims that Jobs Mob need not worry as VPN’s are ready to ban their use anyway. Russia has taken an aggressive stance against its use, suggesting that restricting anonymising networks will “increase opportunities to counter the commercial distribution of malware” and help to reduce access to “forbidden” information online.

Of course, no one at a corporate level would believe that sort of approach to security is a good idea and the question becomes, if the software stuffs up VPNs what else will it break, they would probably wonder.