Apple's apps bypass firewalls like LittleSnitch and LuLu on macOS Big Sur
This is true 😭
Previously, a comprehensive macOS firewall could be implemented via a Network Kernel Extension (kext)
Apple deprecated kexts, giving us Network Extensions.... but apparently (many of) their apps / daemons bypass this filtering mechanism.
Are we ok with this!? https://t.co/rYkDnuOgLJ
— Patrick Wardle (@patrickwardle) October 20, 2020
An example, two macOS firewalls: LuLu and Little Snitch
Despite best efforts (e.g. disabling default rules, creating explicit rules to block, enabling 'deny mode'), Apple's App Store appears to be exempt ... the firewalls never even see its traffic, and thus cannot block!? 😭 pic.twitter.com/3fwmwRXuJ9
— Patrick Wardle (@patrickwardle) October 20, 2020
In Big Sur Apple decided to exempt many of its apps from being routed thru the frameworks they now require 3rd-party firewalls to use (LuLu, Little Snitch, etc.) 🧐
Q: Could this be (ab)used by malware to also bypass such firewalls? 🤔
A: Apparently yes, and trivially so 😬😱😭 pic.twitter.com/CCNcnGPFIB
— Patrick Wardle (@patrickwardle) November 14, 2020
One possibility is that Apple implemented the move to reduce the number of support requests it receives and make the Mac experience better for people not schooled in setting up effective firewall rules. It’s not unusual for firewalls to exempt their own traffic. Apple may be applying the same rationale.
That already gives a possible explanation. As so often, there is probably a reason behind it. Whether this is serious or not remains to be seen.
This is a concerning development from Apple, a company trying to claim that privacy is its most important product. While claiming to be modernizing macOS with Big Sur, Apple is actually preventing networking app developers from creating extensions that allow them to manipulate the network at the kernel level (the foundations) of its operating system, making it difficult for users to have comprehensive oversight and control of their device’s traffic.
We condemn this secret exclusion list on the grounds that it makes it harder for users to control or even be aware of how their data is being collected.