macOS Big Sur 11.2 Beta 2 Removes Feature Letting Apple Apps Bypass Third-Party Firewalls and VPNs
macOS Big Sur 11.2 beta 2, which was released yesterday, eliminates a feature that allowed Apple apps bypass third-party firewalls, security tools, and VPN apps, according to reports from ZDNet and security researcher Patrick Wardle.
macOS Big Sur 11 included a ContentFilterExclusionList that let Apple's apps like the App Store, Maps, iCloud, and more to avoid firewall and VPN apps that users had installed. These apps were not able to filter or inspect traffic for some built-in Apple apps.
Security researchers believed that the feature, found last October, was a major security risk as malware could be designed to latch on to a legitimate Apple app and bypass security software. Users who had VPNs installed also risked exposing their real IP address and location to Apple's apps.
Apple told
ZDNet last year that the list was temporary and the result of a series of bugs related to the deprecation of network kernel extensions in macOS Big Sur. Apple has been addressing those bugs, and in the second beta of macOS Big Sur released yesterday, removed the ContentFilterExclusionList from the macOS code.
When macOS Big Sur 11.2 sees a release, Apple apps will be compatible with VPN apps and will no longer be able to bypass firewalls and other security tools.
Related Stories
Alongside iOS 14.5.1 and watchOS 7.4.1, Apple today also released macOS Big Sur 11.3.1, which the company says "provides important security updates".
According to the full security notes for the release, it addresses a memory corruption issue and an integer overflow in WebKit that could both be exploited using maliciously crafted web content. Apple says it aware of a report that these issues ...
Apple today seeded the first beta of an upcoming macOS Big Sur 11.2 update to developers for testing purposes, with the new beta coming two days launch of macOS Big Sur 11.1, the first major update to he operating system first launched in November.
Developers can download the macOS Big Sur 11.2 beta using the Software Update mechanism in System Preferences after installing the proper...
Apple's recently released macOS Big Sur 11.4 update addresses a serious security vulnerability, so all users should complete the software update immediately.
Jamf, a mobile device management company, raised a major security issue in macOS Big Sur that allowed attackers to piggyback apps like Zoom to surreptitiously take screenshots and record the screen. The exploit allowed a user's Privacy...
Apple today seeded the first beta of an upcoming macOS Big Sur 11.4 update to developers for testing purposes, with the new beta coming while the macOS 11.3 beta is still in testing. Developers can download the macOS Big Sur 11.4 beta using the Software Update mechanism in System Preferences after installing the proper profile from the Apple Developer Center.
According...
Apple today seeded the second beta of an upcoming macOS Big Sur 11.4 update to developers for testing purposes, with the new beta coming two weeks after the release of the first macOS Big Sur 11.4 beta.
Developers can download the macOS Big Sur 11.4 beta using the Software Update mechanism in System Preferences after installing the proper profile from the Apple Developer...
Apple today seeded the release candidate version of an upcoming macOS Big Sur 11.4 update to developers for testing purposes, with the new beta coming two weeks after the release of the third macOS Big Sur 11.4 beta.
Developers can download the macOS Big Sur 11.4 beta using the Software Update mechanism in System Preferences after installing the proper profile from the...
Apple today released macOS Big Sur 11.2.3, the fifth update to the macOS Big Sur operating system that launched in November. macOS Big Sur 11.2.3 comes two weeks after the release of macOS 11.2.2, a bug fix update.
The new macOS Big Sur 11.2.3 update can be downloaded for free on all eligible Macs using the Software Update section of System Preferences.
Apple...
Apple today seeded the first public betas of iOS 14.7, iPadOS 14.7, and macOS Big Sur 11.5 to public beta testers, one day after seeding first betas to developers.
Public beta testers who have signed up for the beta testing program can download the iOS and iPadOS 14.7 updates over the air after installing the proper certificate from the Public Beta website on an iOS device. macOS Big Sur...
Popular Stories
Apple's AirPods have been credited with saving a woman's life after a potentially fatal fall, People reports.
When a 60-year-old florist in New Jersey tripped and hit her head in her studio, she lost consciousness and awoke heavily bleeding. With nobody around to call for help, she realized she had her AirPods in, and used a "Hey Siri" command to call 911. An operator was able to stay on the ...
Apple is working on a number of new products that are set to launch this fall, and Bloomberg's Mark Gurman says that it will be "the widest array" of new devices that Apple has introduced in its history.
In his latest "Power On" newsletter, Gurman explains that Apple is working on four new flagship iPhones (iPhone 14, iPhone 14 Max, iPhone 14 Pro, and iPhone 14 Pro Max), an updated low-end Ma...
Apple has always emphasized the depth of thought that goes into the design of its products. In the foreword to Designed by Apple in California, a photo book released by the company in 2016, Jony Ive explains how Apple strives "to define objects that appear effortless" and "so simple, coherent and inevitable that there could be no rational alternative."
But every once in a while even Apple...
As we roll into the latter half of January, we're starting to hear more about a potential spring Apple event, which is likely to take place in March or April. There are a number of potential announcements on deck, so an event would be a good opportunity for Apple to get them all out there.
We've also been going back and forth on some iPhone 14 rumors, and we've taken a look at a number of...
AT&T today announced the launch of upgraded AT&T Fiber plans, which support speeds of up to 5 Gigabits for some customers. There are two separate plans, one "2 GIG" plan and one "5 GIG" plan, available to new and existing AT&T Fiber subscribers.
According to AT&T, the new plans are available to nearly 5.2 million customers across 70 metro areas including Los Angeles, Atlanta, Chicago, San...
Three months after their launch, the 14-inch and 16-inch MacBook Pros continue to experience high demand and seemingly short supply, with shipping dates for both models stretching into multiple weeks in several of Apple's key markets.
In the United States, the baseline 14-inch MacBook Pro with the M1 Pro chip is estimated to ship in three to four weeks, promising an arrival by at least...
Following months of bleak news about Peloton's "precarious state," including the revelation that it has halted production of its bikes and treadmills, Apple is being floated as a potential buyer of Peloton's troubled fitness business.
Yesterday, CNBC reported that Peloton will temporarily stop production of its connected fitness products due to a "significant reduction" in consumer demand, a ...
Earlier this week, Bloomberg's Mark Gurman tweeted that Apple "will be holding a spring event" to announce a new iPhone SE and other hardware. In a recent edition of his newsletter, Gurman said the event is likely to occur in March or April.
Gurman did not elaborate on what "other hardware" will be announced at Apple's purported spring event, but rumors suggest at least four products are...
Top Rated Comments
<sigh>
Ha ha that cracks me up!
A security researcher example: they want to observe how an app communicates with the network, how its behavior changes when they limit some of that communication, etc. They weren't able to do that with some of Apple's apps. For example, if App Store or Find My had a security bug related to network communication, they would have a hard time finding out. Not only can they not control the traffic from those services, they can't even see it.
A more general-purpose example: you're on cellular (or some other metered connection), and use an app like Trip Mode to limit data usage. Well, you can't see the data some of Apple's stuff uses. App Store or Software Update download a large update in the background? Trip Mode won't be able to tell you.
There were probably some reasons Apple did all this in the first place (for example, one might argue that macOS needs to be able to download updates to Xprotect malware definitions no matter what), but there's also a fair bit of hubris involved. It feels like once they did decide to make that exemption list, all kinds of software teams internally signed up to be added, and that's just opening the floodgates for trouble.
Anyway, all this, it appears, is now resolved.
What an unfortunate “bug” this mustve been for Apple before it was found ;)