Thanks for the reply! Here’s their 2024-5-8 reply for reference:

Hi! Our engineers have conducted a thorough analysis of this threat, reconstructed it experimentally, and tested it on Proton VPN. We concluded that:

• the attack can only be carried out if the local network itself is compromised
• our Windows and Android apps are fully protected against it
• for iOS and macOS apps, you are completely protected from this as long as you’re using a Kill Switch and a WireGuard-based protocol (our apps use WireGuard by default, and if a user wants to use something other than WireGuard derivates, they’d have to manually set it up). Note that Stealth, WireGuard TCP, and our Smart protocol on iOS/macOS are all WireGuard-based.
• for our Linux app, we’re working on a fix that would provide full protection against it.