Apple removes feature in macOS that allowed apps to bypass its firewall and VPNs
Apple has got rid of a feature in macOS that allowed 53 of its own apps to bypass third-party firewalls, VPN apps and security tools.
Apple has got rid of a controversial feature in macOS that allowed 53 of its own apps to bypass third-party firewalls, VPNs, security tools and the VPN apps that users install for their protection.
The feature known as ContentFilterExclusionList was included in macOS 11 aka Big Sur.
The list of apps that were able to bypass the security feature included some of the biggest apps like Maps, iCloud and the App Store.
The issue dates back to October
The presence of the issue was first spotted in October 2020 by several security researchers and later the developers of the apps realized that their security tools weren't able to inspect the traffic of these apps nor were able to filter these apps.
As per ZDNet, security researchers such as Patrick Wardle among others were the first ones to point out this issue and that it was a disaster waiting to happen. The researchers argued that the malware could latch on to legitimate Apple apps present in the list and then bypass the security tools and firewalls easily.
Besides some of the security concerns, users of macOS also ran the risk of exposing their actual IP address and their location when using these apps as VPNs were not able to mask the location of the users due to the malware present in these apps.
A temporary issue says Apple
Apple told ZDNet that the issue was temporary but did not provide further details about it. The report also says that the issue was the result of a series of bugs in the apps and the company wasn't running a nefarious coup behind the users' backs.
The bugs were related to the macOS deprecating kernel extensions and due to the introduction of a new system called Network Extension Framework.
Apple has said that some of the bugs have been fixed for the same will be released with the Big Sur 11.2 update and all of the apps on the list will be subject to the firewall and security tools.
Published:Fri, January 15, 2021 5:38pm