Apple has now removed a worrying macOS feature that allowed some Apple apps to bypass content filters, VPNs & 3rd-party firewalls.
Security researchers criticised the controversial macOS Big Sur feature for exposing users’ sensitive data.
The feature, 1st uncovered in Nov. in a beta release of macOS Big Sur, was called “Content Filter Exclusion List” & included a list of at least 50 Apple apps, among them Maps, Music, FaceTime, the App Store & its software update service. It has recently been removed in macOS Big Sur version 11.2, Apple experts pointed out.
“After lots of bad press & lots of feedback/bug reports to Apple from developers such as myself, it seems wiser (more security conscious) minds at Cupertino prevailed,” observed Patrick Wardle, Principal Security Researcher with Jamf, last week. “The Content Filter Exclusion List has been removed (in macOS 11.2 beta 2).”
Researchers found these apps were excluded from being controlled by Apple’s NEFilterDataProvider feature. NEFilterDataProvider is a simple network content filter, which is used by 3rd-party application firewalls (such as host-based macOS application firewall Little Snitch) & VPNs to filter data traffic flow on an app-by-app basis.
Because these apps bypassed NEFilterDataProvider, the service could not monitor them to see how much data they were transferring or which IP addresses they were communicating with, & ultimately could not block them if something were amiss.
After finding the undocumented exclusion list in Nov., security researchers criticised Apple, saying it was a liability that could be exploited by threat actors to bypass firewalls, gain access to people’s systems & expose their sensitive data.
“Many asked, ‘What good is a firewall if it can’t block all traffic?’ I of course also wondered if malware could abuse these ‘excluded’ items to generate network traffic that could surreptitiously bypass any socket filter firewall,” commented Wardle. “Unfortunately, the answer was yes.”
This new change means that firewalls such as LuLu – an open-source firewall that blocks outgoing unknown connections on Macs – can now comprehensively filter & block network traffic for all Apple apps, Wardle concluded.