• by Ray Schultz , September 24, 2021

One of Apple’s new features, iCloud Private Relay, can be sidestepped to leak users’ IP addresses, according to an analysis in The Hacker News. 

The new offering was introduced earlier this week with iOS 15. It is an open-source initiative that provides web browsers and mobile applications with real-time communication, The Hacker News writes. 

The goal is to improve anonymity by shielding a user’s IP address, location, and DNS requests from websites and network service providers, the report says.

But the feature, which  routs users' internet traffic on the Safari browser through two proxies, is available to iCloud+ subscribers running iOS 15 or macOS 12 Monterey and above.

FingerprintJS writes that if you “read the IP address from an HTTP request received by your server, you'll get the IP address of the egress proxy," according to The Hacker News. "Nevertheless, you can get the real client's IP through WebRTC."

The report continues that FingerprintJS “said it alerted Apple to the problem, with the iPhone maker already rolling out a fix in its latest beta version of macOS Monterey. However, the leak has remained unpatched when using iCloud Private Relay on iOS 15.”

Apple had not responded to a request for comment at deadline.