Apple has removed a controversial feature from its macOS operating system that allowed the company’s own first-party apps to bypass content filters, VPNs, and third-party firewalls.
Called “ContentFilterExclusionList,” it included a list of as many as 50 Apple apps like iCloud, Maps, Music, FaceTime, HomeKit, the App Store, and its software update service that were routed through Network Extension Framework, effectively circumventing firewall protections.
This exclusion list has now been scrubbed from macOS 11.2 beta 2.
The issue first came to light last October following the release of macOS Big Sur, prompting concerns from security researchers who said the feature was ripe for abuse, adding it could be leveraged by an attacker to exfiltrate sensitive data by piggybacking it on to legitimate Apple apps included on the list and then bypass firewalls and security software.
“After tons of bad press and heaps of feedback/bug reports to Apple from developers such as myself, it would seem wiser (more security aware) minds at Cupertino prevailed,” said Patrick Wardle, a principal security researcher with Jamf, last week.
Researchers, including Wardle, found last year that Apple’s apps were being excluded from NEFilterDataProvider, a network content filter that makes it possible for firewall and VPN apps such as LuLu and Little Snitch to monitor and control data traffic from installed apps on the system.
Wardle demonstrated an instance of how malicious apps could exploit this firewall bypass to transmit data to an attacker-controlled server using a simple Python script that latched the traffic on to an Apple exempted app despite setting LuLu and Little Snitch to block all outgoing connections on a Mac running Big Sur.
With this new change, socket filter firewalls such as LuLu can now comprehensively filter/block all network traffic, including traffic from Apple apps.
The updates come as Apple deprecated support for Network Kernel Extensions in 2019 in favor of Network Extensions Framework.
We have reached out to Apple, and we will update the story if we hear back.