A new as-yet unpatched weakness in Apple’s iCloud Private Relay feature could be circumvented to leak users’ true IP addresses from iOS devices running the latest version of the operating system.
Introduced with iOS 15, which was officially released this week, iCloud Private Relay aims to improve anonymity on the web by employing a dual-hop architecture that effectively shields users’ IP address, location, and DNS requests from websites and network service providers.
It achieves this by routing users’ internet traffic on the Safari browser through two proxies in order to mask who’s browsing and where that data is coming from in what could be viewed as a simplified version of Tor.