Apple’s own apps aren’t exempt from firewalls anymore.
What you need to know
- Apple is removing its apps from a firewall exception list in macOS Big Sur 11.2 beta 2.
- The company had prevented its own apps from being blocked by an installed firewall.
As reported by 9to5Mac, Apple had made a change in macOS Big Sur that allowed Apple’s own apps to bypass firewall filters. This move raised concerns among developers and, in the macOS Big Sur 11.2 beta, Apple has responded and removed these apps from the exception list.
After some macOS apps didn’t work due to a outage in Apple’s servers on the launch day of Big Sur, developers tried to block the system from communicating with these servers but they found out that Apple forced its official apps to have full access to the network even with a firewall configured.
An internal file in macOS Big Sur called”ContentFilterExclusionList” allowed a number of Apple apps and services to bypass installed firewalls, causing a security issue that could be taken advantage of by hackers.
Since these apps and services were bypassing the firewalls, users could no longer block them or even monitor them to see how much data Apple apps were transferring or what IP addresses they were communicating with. Worse than that, it was revealed that hackers could create malware that abuses these “excluded items” to bypass the firewall.
Security researcher Patrick Wardle found that Apple removed its apps from the exception list with the release of macOS Big Sur 11.2 beta 2 today:
Omg we did it! 🤩
Thanks to the community feedback (and ya, bad press) Apple decided to remove the ContentFilterExclusionList (in 11.2 beta 2)
Means socket filter firewalls (e.g. LuLu) can now comprehensively monitor/block all OS traffic!!
— patrick wardle (@patrickwardle) January 13, 2021
While this is good to see that macOS 11.2 beta 2 fixes this issue, it is currently unclear when the update will roll out to the public.