Light Dark
September 22, 2015 By Shane Schick 2 min read

Apple has made significant strides in getting some of its mobile devices adopted by large enterprises, but a problem in iOS 9 could cause issues for information workers who want to access their corporate network via a virtual private network (VPN).

Cisco posted a Facebook alert about the flaw, which remains in the most current version of iOS 9 and involves a malfunction in the Tunnel All DNS option in Cisco’s AnyConnect VPN product. It means remote workers may not be able to access some servers, although not necessarily all of them.

The iOS 9 bug is not limited to Cisco AnyConnect but potentially affects many similar products, as well, according to InfoWorld. It’s an issue that could prove frustrating for iPhone or iPad users who decided to upgrade to Apple’s latest mobile OS early since they would now have to figure out a way to move back to iOS 8.4.1, which is immune to the VPN connectivity flaw.

ZDNet said the only option is for iOS 9 users to first ensure they have backed up their device using iTunes. Although some might have assumed iCloud would be the more logical tool for this task, iTunes has a restore feature that can essentially make it seem like the upgrade never happened — and, perhaps more importantly, get them the corporate access they need.

Ironically, Apple and others have been working hard to prove that iOS 9 is one of the most secure mobile platforms in the industry, FierceMobileIT pointed out. This includes the ability for IT administrators to push apps to employee devices without going through the App Store or relying on an Apple ID, and the ability to integrate with enterprise mobile management software. An inability to get into the corporate network via VPN, however, may have IT departments putting off upgrades until a newer iteration of the beta is available.

Softpedia said that the iOS 9 bug could have something to do with the way some companies set up a particular VPN. Over time, this flaw will no doubt be resolved by Apple, but it shows that companies moving to a bring-your-own-device (BYOD) policy may need to think through potential connectivity snags as they allow employees more choice over the kinds of technologies they use.

 |  |  |  |  | 
Shane Schick
Writer & Editor

More from

March 4, 2025

FYSA — VMware Critical Vulnerabilities Patched

< 1 min read - SummaryBroadcom has released a security bulletin, VMSA-2025-0004, addressing and remediating three vulnerabilities that, if exploited, could lead to system compromise. Products affected include vCenter Server, vRealize Operations Manager, and vCloud Director.Threat TopographyThreat Type: Critical VulnerabilitiesIndustry: VirtualizationGeolocation: GlobalOverviewX-Force Incident Command is monitoring activity surrounding Broadcom’s Security Bulletin (VMSA-2025-0004) for three potentially critical vulnerabilities in VMware products. These vulnerabilities, identified as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, have reportedly been exploited in attacks. X-Force has not been able to validate those claims. The vulnerabilities…

February 21, 2025

SoaPy: Stealthy enumeration of Active Directory environments through ADWS

10 min read - Introduction Over time, both targeted and large-scale enumeration of Active Directory (AD) environments have become increasingly detected due to modern defensive solutions. During our internship at X-Force Red this past summer, we noticed FalconForce’s SOAPHound was becoming popular for enumerating Active Directory environments. This tool brought a new perspective to Active Directory enumeration by performing collection via Active Directory Web Services (ADWS) instead of directly through Lightweight Directory Access Protocol (LDAP) as other AD enumeration tools had in the past.…

February 14, 2025

Smoltalk: RCE in open source agents

26 min read - Big shoutout to Hugging Face and the smolagents team for their cooperation and quick turnaround for a fix! Introduction Recently, I have been working on a side project to automate some pentest reconnaissance with AI agents. Just after I started this project, Hugging Face announced the release of smolagents, a lightweight framework for building AI agents that implements the methodology described in the ReAct paper, emphasizing reasoning through iterative decision-making. Interestingly, smolagents enables agents to reason and act by generating…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature