TunnelVision, as the researchers have named their attack, largely negates the entire purpose and selling point of VPNs, which is to encapsulate incoming and outgoing Internet traffic in an encrypted tunnel and to cloak the user’s IP address. The researchers believe it affects all VPN applications when they’re connected to a hostile network and that there are no ways to prevent such attacks except when the user's VPN runs on Linux or Android. They also said their attack technique may have been possible since 2002 and may already have been discovered and used in the wild since then.

VPNs have many purposes. If true, this negates one use. Using an untrusted network where a hostel actor is using this attack. And you are not on Linux or Android. Kinda sensationalized title but it is a big deal.

Apple and Windows have had issues with their VPNs in the past. Not the first time someone has found a hole.