    Apple lets some Big Sur network traffic bypass firewalls

    news.movim.eu / ArsTechnica · Tuesday, 17 November - 20:48 · 1 minute

A somewhat cartoonish diagram illustrates issues with a firewall.

(credit: Patrick Wardle)

Firewalls aren’t just for corporate networks. Large numbers of security- or privacy-conscious people also use them to filter or redirect traffic flowing in and out of their computers. Apple recently made a major change to macOS that frustrates these efforts.

Beginning with Big Sur, released last week, some 50 Apple-specific apps and processes are no longer routed through firewalls like Little Snitch and Lulu. The undocumented exemption came to light only after Patrick Wardle, a security researcher at Mac and iOS enterprise developer Jamf, disclosed the change over the weekend.

“100% blind”

To illustrate the risks that come with this move, Wardle, a former hacker for the NSA, demonstrated how malware developers could exploit the change to make an end-run around a tried-and-true security measure. He set Lulu to block all outgoing traffic on a Mac running Big Sur and then ran a small script that interacted with one of the apps that Apple exempted. The Python script had no trouble reaching a command-and-control server he set up to simulate one commonly used by malware to receive commands and exfiltrate sensitive data.
