In November of last year we reported a vulnerability that allowed to a network adjacent attacker to make inferences about active connections inside VPN-tunneled connections and inject data to reset or hijack these connections. This vulnerability was assigned CVE-2019-14899 and affected Apple, Android, and many Linux and BSD systems. You can read about this in detail in our post from May. This post describes a new attack which takes advantage of the insight gained from the previous attack, but...
