Fix for TunnelVision attack, or disable DHCP option 121

We're looking at mitigation options for the TunnelVision attack that exploits DHCP option 121 to set routes. It looks like Per-App VPN doesn't have the problem, but in standard mode we aren't able to touch potentially malicious host routes, so while we can mitigate it we can't eliminate the security problem completely.

Is there any way to tell iOS and macOS to ignore DHCP option 121? Or even better, does Apple have a fix in the works?
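For reference, option 121 carries its routes in the RFC 3442 classless static route encoding. The following added example (not part of the original post, and not Apple code) decodes such a payload and lists the routes that are more specific than a VPN's tunnel routes and therefore win longest-prefix matching; the function names, sample bytes and addresses are constructed for illustration.

```python
from ipaddress import IPv4Address, IPv4Network

def parse_option_121(data: bytes):
    """Decode an RFC 3442 classless static route payload into (network, router) pairs."""
    routes, i = [], 0
    while i < len(data):
        plen = data[i]
        if plen > 32:
            raise ValueError(f"invalid prefix length {plen} at offset {i}")
        n = (plen + 7) // 8                  # only significant destination octets are sent
        end = i + 1 + n + 4                  # width byte + destination + 4-byte router
        if end > len(data):
            raise ValueError(f"truncated route entry at offset {i}")
        dest = data[i + 1:i + 1 + n] + bytes(4 - n)   # pad destination back to 4 octets
        net = IPv4Network((int.from_bytes(dest, "big"), plen), strict=False)
        routes.append((net, IPv4Address(data[end - 4:end])))
        i = end
    return routes

def routes_overriding_tunnel(routes, tunnel_nets):
    """Return DHCP routes that are more specific than a tunnel route covering them."""
    return [(net, gw) for net, gw in routes
            if any(net.subnet_of(t) and net.prefixlen > t.prefixlen for t in tunnel_nets)]

# Constructed sample payload (documentation address ranges only)
SAMPLE = bytes([
    32, 198, 51, 100, 7, 192, 0, 2, 1,   # 198.51.100.7/32 via 192.0.2.1 (host route)
    24, 203, 0, 113, 192, 0, 2, 1,       # 203.0.113.0/24 via 192.0.2.1
    0, 192, 0, 2, 254,                   # 0.0.0.0/0 via 192.0.2.254 (plain default route)
])

if __name__ == "__main__":
    full_tunnel = [IPv4Network("0.0.0.0/0")]
    for net, gw in routes_overriding_tunnel(parse_option_121(SAMPLE), full_tunnel):
        print(f"outranks tunnel route: {net} via {gw}")
```

With a full-tunnel default route, every non-default route delivered this way is reported, which is why a VPN client that cannot remove such routes can only mitigate the issue.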

Replies

I'm curious whether this even applies: does macOS even support option 121? Incidentally, if yes, which component should take care of that?