Affecting Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android.
More information ---> https://lwn.net/Articles/806546/William Tolley has disclosed a severe VPN-related problem in most current systems: "I am reporting a vulnerability that exists on most Linux distros, and other *nix operating systems which allows a network adjacent attacker to determine if another user is connected to a VPN, the virtual IP address they have been assigned by the VPN server, and whether or not there is an active connection to a given website. Additionally, we are able to determine the exact seq and ack numbers by counting encrypted packets and/or examining their size. This allows us to inject data into the TCP stream and hijack connections." There are various partial mitigations available, but a full solution to the problem has not yet been worked out. Most VPNs are vulnerable, but Tor evidently is not.