A VPN bypass flaw discovered last week in Android Jelly Bean 4.3 also exists in KitKat 4.4, Israeli researchers say. The flaws make it possible for a malicious app to bypass a VPN (virtual private network) configuration and redirect the secure data communications to a different network address. The flaw is somewhat similar to what the same researchers found last December in Samsung’s Knox security platform. Google and Samsung dismissed the reported Knox flaw, saying the exploit “uses legitimate Android network functions in an unintended way””]
Source: https://www.csoonline.com/article/2134339/vpn-flaw-reported-in-latest-version-of-android.html