VPN bug of Android 4.4

In late July of 2013, Google released Android 4.3 Jelly Bean, but it is just a version with slight update. When users were waiting for the legendary Android 5.0 Key Lime Pie, Google announced the next version of Android would be named as KitKat, namely Android 4.4.
However, after Android 4.4 KitKat was released after a short time, a VPN bug was found in it. This bug allows attackers to eavesdrop and transfer the flow of VPN. The finder of the VPN bug pointed out in his blog that a malicious program can bypass initiative VPN configuration (without Root permission) and redirect the safe data communication to a different network address. These communications capture clear text, so all information is exposed. Nevertheless, users mistakenly think communications are ciphered and links are safe.
Actually, the VPN bug of Android 4.4 exploits legal Android network functions to intercept non-ciphered network connection data coming from apps, but it can not attack the communications which are ciphered before sending. Computer security counselors also point out SSL email links and HTTPS-enabled websites or other security protocols will not be influenced. However, not all apps will cipher their communications, which means many communications will be influenced by VPN bypassing.
The finder of VPN bug of Android 4.4 also shows he has informed Google with this bug. We hope Google can release updates timely to fix it.