Tests indicate that every VPN product is vulnerable on at least one device, the researchers say. VPNs for iPhones, iPads, MacBooks, and macOS are extremely likely to be vulnerable, that a majority of VPNs on Windows and Linux are vulnerable, and that Android is the most secure with roughly one-quarter of VPN apps being vulnerable.
unsure about patches applied since writing, but near the ending pages in the original paper theres a more exhaustive list of the state of vpns