Apple allows some of its apps to bypass the firewall |
Apple is facing issues with a new feature in macOS Big Sur that allows many of its apps to bypass firewalls and VPNs.
With this feature, malware can use the same restrictions to access sensitive data stored on users' systems and transfer it to a remote server.
A Twitter user first discovered the problem last month in a beta version of the operating system.
Users say: Some Apple apps bypass some firewalls and VPN apps so Maps can bypass any NEFilterDataProvider or NEAppProxyProvider you run to directly access the internet.
After the iPhone manufacturer released the latest version of macOS on November 12, that behavior has not changed, sparking concerns among security researchers that the change could be misused.
It's important to note that bypassing macOS can leave systems vulnerable to attack, not to mention the inability to restrict or block network traffic based on user judgment.
According to security researcher Patrick Wardle, Apple has exempted 50 of its apps and operations from firewalls like Little Snitch and Lulu.
In the past year, Apple stopped supporting core network extensions, and this behavior has changed. Software developers used to use applications to interact directly with the operating system, and Apple no longer supports the Network Extension framework.
In a tweet in October, Wardle said: So far it has been possible to implement a complete Network Kernel Extension firewall. Apple has stopped using the Network Kernel Extension and published the Network Extensions Framework, but many of its applications seem to bypass this filter. mechanism.
NEFilterDataProvider is used to monitor and control Mac network traffic. Bypassing the NEFilterDataProvider makes it difficult for VPNs to block Apple apps.
Wardle also showed an example of how a malicious application could use this solution to extract sensitive data into a server that an attacker would control.
It's unclear whether the company can protect its personal apps from the driving force of firewalls and VPNs.
This could be part of Apple's efforts to fight malware and hacking by blocking app traffic from VPN servers and blocking access to geo-restricted content through VPNs.
It should be noted that firewalls are not limited to corporate networks, but also used by a large number of people concerned with security or privacy to filter or redirect the traffic sent inside and outside the company. Off the computer.