Apple has removed a controversial feature in its macOS operating system that allowed more than 50 of its own apps to completely bypass third-party security tools such as firewalls and virtual private networks (VPNs).
The ContentFilterExclusionList, introduced in macOS 11 Big Sur, was flagged by the security community and developers late last year as a potential security risk. The list's existence in macOS meant traffic generated by Apple software such as Maps and iCloud couldn't be blocked by a socket filter firewall.
The developer of the Little Snitch firewall tool, Norbert Heger, described this behaviour as “a hole in the wall”.
Patrick Wardle, a security researcher with software company Jamf, even demonstrated how it may be possible for malware to abuse “excluded” apps to generate network traffic that bypasses firewalls.
Those who first sounded the alarm, including Heger, Wardle and many others, have now welcomed Apple's decision to remove ContentFilterExclusionList with the release of macOS 11.2 beta 2.
The exclusion list first emerged as part of Apple's shift away from third-party kernel extensions, including network kernel extensions (NKEs), which allowed developers to load code directly into the macOS operating system. These NKEs, however, were used by a variety of third-party security platforms, including firewalls such as LuLu and Little Snitch.
To continue to support these products on modern iterations of macOS, Apple introduced the user-mode Network Extension Framework (NEF), which developers could use instead to retain macOS compatibility for their firewalls and VPNs.
Apple then exempted more than 50 of its own apps and daemons from being routed through the NEF by introducing the ContentFilterExclusionList. This meant third-party firewalls that used this new framework weren't able to block traffic from them.
“Many (rightfully) asked, ‘What good is a firewall if it cannot block all traffic?’,” Wardle said in a blog post. “Well, after plenty of lousy press and heaps of feedback/bug reports to Apple from developers such as myself, it seems wiser (more security-conscious) minds at Cupertino prevailed.”
“The ContentFilterExclusionList list has been removed (in macOS 11.2 beta 2). Which means (socket filter) firewalls such as LuLu can now comprehensively filter/block all network traffic.”
Researchers have speculated that Apple excluded its own apps from the oversight of third-party firewalls in the name of overall security. For example, if excluded, these services might continue to receive updates when all web traffic is blocked.