macOS Big Sur 11.2 beta 2, released yesterday, eliminates a feature that allowed Apple applications to bypass third-party firewalls, security tools and VPN applications, according to reports from ZDNet and security researcher Patrick Wardle.
macOS Big Sur 11 included a ContentFilterExclusionList that allowed Apple applications, such as App Store, Maps, iCloud and more, to avoid firewall and VPN applications installed by users. Those firewall and VPN applications were unable to filter or inspect the traffic of some built-in Apple applications.
Security researchers believe the feature, discovered last October, is a major security risk, as malware can be designed to attach to a legitimate Apple application and bypass security software. Users who had VPNs installed were also at risk of exposing their real IP address and location to Apple applications.
Omg, we made it! 🤩 Thanks to community feedback (and yes, bad press) Apple decided to remove ContentFilterExclusionList (in 11.2 beta 2). It means that socket filter firewalls (for example, LuLu) can now comprehensively monitor/block all system traffic operational!! Read more: https://t.co/GJXkRA31e7 https://t.co/BCPqdCjkV0 – patrick wardle (@patrickwardle) January 13, 2021
Apple told ZDNet last year that the list was temporary and the result of a series of bugs related to the deprecation of network kernel extensions in macOS Big Sur. Apple has addressed these bugs and, in the second beta version of macOS Big Sur 11.2, released yesterday, removed ContentFilterExclusionList from the macOS code.
When macOS Big Sur 11.2 is released, Apple applications will be compatible with VPN applications and will no longer be able to bypass firewalls and other security tools.