Apple Removes macOS Feature That Allowed Apps to Bypass Firewall Security

by | Jan 19, 2021

apple macos bypass firewall

Post Views: 497

style="display:block" data-ad-client="ca-pub-6620833063853657" data-ad-slot="8337846400" data-ad-format="auto" data-full-width-responsive="true">
 
 
 

 

 

Reading Time: 1 Minute

 

Apple has removed a controversial feature from its macOS operating system that allowed the company’s own first-party apps to bypass content filters, VPNs, and third-party firewalls.

 

style=”display:block” data-ad-client=”ca-pub-6620833063853657″ data-ad-slot=”8337846400″ data-ad-format=”auto” data-full-width-responsive=”true”>

 

CalledContentFilterExclusionList,” it included a list of as many as 50 Apple apps like iCloud, Maps, Music, FaceTime, HomeKit, the App Store, and its software update service that were routed through Network Extension Framework, effectively circumventing firewall protections.

This exclusion list has been scrubbed now from macOS 11.2 beta 2.

The issue first came to light last October following the release of macOS Big Sur, prompting concerns from security researchers who said the feature was ripe for abuse, adding it could be leveraged by an attacker to exfiltrate sensitive data by piggybacking it on to legitimate Apple apps included on the list and then bypass firewalls and security software.

“After lots of bad press and lots of feedback/bug reports to Apple from developers such as myself, it seems wiser (more security conscious) minds at Cupertino prevailed,” said Patrick Wardle, a principal security researcher with Jamf, last week.

 

 
See Also: Multiple backdoors and vulnerabilities discovered in FiberHome routers

 

style=”display:block” data-ad-client=”ca-pub-6620833063853657″ data-ad-slot=”8337846400″ data-ad-format=”auto” data-full-width-responsive=”true”>

 

macOS firewall

 

Researchers, including Wardle, found last year that Apple’s apps were being excluded from NEFilterDataProvider, a network content filter that makes it possible for firewall and VPN apps such as LuLu and Little Snitch to monitor and control data traffic from installed apps on the system.

 

 

 

See Also: Offensive Security Tool: Shad0w

 

style=”display:block” data-ad-client=”ca-pub-6620833063853657″ data-ad-slot=”8337846400″ data-ad-format=”auto” data-full-width-responsive=”true”>

 

Wardle demonstrated an instance of how malicious apps could exploit this firewall bypass to transmit data to an attacker-controlled server using a simple Python script that latched the traffic onto an Apple exempted app despite setting LuLu and Little Snitch to block all outgoing connections on a Mac running Big Sur.

With this new change, socket filter firewalls such as LuLu can now comprehensively filter/block all network traffic, including those from Apple apps.

The updates come as Apple deprecated support for Network Kernel Extensions in 2019 in favor of Network Extensions Framework.

 

style=”display:block” data-ad-client=”ca-pub-6620833063853657″ data-ad-slot=”8337846400″ data-ad-format=”auto” data-full-width-responsive=”true”>

 

See Also:SolarWinds Supply Chain Hack – The hack that shone a light on the gaps in the cybersecurity of governments and big companies

 

 

 

Source: thehackernews.com

 

 
(Click Link)

 

 

Offensive Security & Ethical Hacking Course

Begin the learning curve of hacking now!

Information Security Solutions

Find out how Pentesting Services can help you.

Join our Community

Share This