Security News > 2021 > January > Apple Kills MacOS Feature Allowing Apps to Bypass Firewalls

Apple has removed a contentious macOS feature that allowed some Apple apps to bypass content filters, VPNs and third-party firewalls.

The feature, first uncovered in November in a beta release of the macOS Big Sur feature, was called "ContentFilterExclusionList" and included a list of at least 50 Apple apps - including Maps, Music, FaceTime, the App Store and its software update service.

Researchers found these apps were excluded from being controlled by Apple's NEFilterDataProvider feature.

After discovering the undocumented exclusion list back in November, security researchers criticized Apple, saying it was a liability that can be exploited by threat actors to bypass firewalls, give them access to people's systems and expose their sensitive data.

"Many asked, 'What good is a firewall if it can't block all traffic?' I of course also wondered if malware could abuse these 'excluded' items to generate network traffic that could surreptitiously bypass any socket filter firewall," said Wardle.

The new change means that firewalls such as LuLu - an open-source firewall that blocks outgoing unknown connections on Macs - can now comprehensively filter and block network traffic for all Apple apps, Wardle said.

News URL

https://threatpost.com/apple-kills-macos-feature-allowing-apps-to-bypass-firewalls/163099/