• Sat. Oct 22nd, 2022

For all of Apple’s talk of being privacy-first, often its marketing speak doesn’t match up with what it’s actually doing. And the latest example? Well, it’s Apple apps on Big Sur bypassing firewalls and VPNs. I don’t need to tell you just how worrying this is…

Nov 16, 2020

The issue was first spotted in the macOS Big Sur beta by Twitter user @mxswd all the way back in October. They had this to say:
“Some Apple apps bypass some network extensions and VPN Apps. Maps for example can directly access the internet bypassing any NEFilterDataProvider or NEAppProxyProviders you have running”
Maxwell (@mxswd), October 19, 2020
This was confirmed and expanded upon by Patrick Wardle, a security researcher at Jamf.
“This is true
Previously, a comprehensive macOS firewall could be implemented via a Network Kernel Extension (kext)
Apple deprecated kexts, giving us Network Extensions... but apparently (many of) their apps / daemons bypass this filtering mechanism.
Are we ok with this!? https://t.co/rYkDnuOgLJ”
Patrick Wardle (@patrickwardle), October 20, 2020
Effectively, Wardle says that previous versions of macOS allowed a firewall or VPN to be set up using the Network Kernel Extension. But this isn’t the case in Big Sur.
What Wardle found is that the Mac App Store on the latest macOS bypasses any firewall. For all intents and purposes, its traffic is invisible to firewalls. What’s happening is that Apple apps on Big Sur are beginning to operate outside the user’s control. Which is terrible news.
This story was brought to light on Apple Term, but many assumed it would be fixed when Big Sur was released to the general public. This hasn’t happened.
The question you might be asking next is: so what? What’s the issue here?
Well, aside from control over your own system, Apple apps on Big Sur being able to bypass firewalls and VPNs is a huge privacy and security issue. Wardle showed on Twitter how easy it is for malware to exploit this gap:
“In Big Sur Apple decided to exempt many of its apps from being routed thru the frameworks they now require 3rd-party firewalls to use (LuLu, Little Snitch, etc.)
Q: Could this be (ab)used by malware to also bypass such firewalls?
A: Apparently yes, and trivially so pic.twitter.com/CCNcnGPFIB”
Patrick Wardle (@patrickwardle), November 14, 2020
What this amounts to is that bad actors could exploit this hole in Apple apps on Big Sur to send out your personal data to remote servers. This should worry everyone.
The big question, though, is why the company’s doing this. So far, it hasn’t said why Apple apps on Big Sur are exempt from firewalls and VPNs, but there are some theories.
One school of thought is that this makes it harder for users to pretend they’re in different countries, meaning it can be stricter on licensing issues. Another is that Apple wants to keep its apps’ data and traffic out of VPN servers.
Whatever the reason, I severely doubt it’s good enough to excuse Apple’s actions here.
If you want to understand further what this sort of activity does, I’d recommend you go and read this piece from Jeffrey Paul about why your computer isn’t yours. It’s a sobering look at the world we’re living in, where
So much for Apple being privacy-first, hey?
Published November 16, 2020 — 09:11 UTC