Apple Removes a Feature Allowing Apps to ByPass Firewall

  • By Dawna M. Roberts
  • Jan 27, 2021

The Apple ecosystem (macOS, iOS, WatchOS, and iPadOS) is known to be very robust and resistant to outside threats. However, recently Apple removed a feature from Big Sur (the latest version of macOS) that allowed apps to bypass the firewall.

What is the Problem?

The controversial feature allowed only Apple’s first-party apps to bypass content filters, VPNs, and third-party firewalls. The actual feature is called “ ContentFilterExclusionList,” and worked with 50 apps including Apple Maps, Music, HomeKit, FaceTime, iCloud, and the App Store. According to The Hacker News, its “software update service that was routed through Network Extension Framework, effectively circumventing firewall protections.”

As of macOS 11.2 beta 2, this feature has been removed from the Big Sur operating system. 

Discovery

The issue was discovered In November 2020 when a beta version of Big Sur was tested. Critics complained loudly about the problem, and concerns about exposing user data forced Apple to remove the feature in its latest update.

Threatpost explained how the feature worked. “Researchers found these apps were excluded from being controlled by Apple’s NEFilterDataProvider feature. NEFilterDataProvider is a simple network content filter, which is used by third-party application firewalls (such as host-based macOS application firewall Little Snitch) and VPNs to filter data traffic flow on an app-by-app basis.

Because these apps bypassed NEFilterDataProvider, the service could not monitor them to see how much data they were transferring or which IP addresses they were communicating with – and ultimately could not block them if something was amiss.”

Cybersecurity professionals explain that threat actors could bypass the firewall by generating network traffic abusing these “excused” items. The reparation of this vulnerability means that now even third-party firewalls can block all incoming traffic from unknown connections. Using a piggybacking methodology, hackers could easily exploit this feature if left in play.

Principal researcher with Jamf Patrick Wardle tweeted last week, “After lots of bad press and lots of feedback/bug reports to Apple from developers such as myself, it seems wiser (more security conscious) minds at Cupertino prevailed.”

The Hacker News shared that “Wardle demonstrated an instance of how malicious apps could exploit this firewall bypass to transmit data to an attacker-controlled server using a simple Python script that latched the traffic onto an Apple exempted app despite setting LuLu and Little Snitch to block all outgoing connections on a Mac running Big Sur.”

How Has Apple Responded?

Although Apple has declined to respond to either Threatpost or The Hacker News, nor have they made a public comment about the issue, they did remove the feature in the latest update to Big Sur version 11.2 beta 2.

Historically, Apple has always been a big proponent of privacy and security. With so many threat researchers ringing the warning bell over this one issue, it’s no wonder Apple took quick action to remove the contentious flaw. 

What Should Apple Users Do?

Update your Mac to the latest version of macOS as soon as possible. Although this issue has not yet been seen exploited in the wild, now that there is so much talk about it, anyone who is left un-updated could be at risk. Some other ways to stay safe are:

  • Always keep all your Apple devices updated with the latest security patches and operating system updates. And, educate yourself about apple’s privacy and security.

  • Keep your firewall turned on at all times.

  • Install and run frequently good, strong antivirus software.

  • Never download software from untrusted sources.

  • Do not click links in email or download attachments, primary way how people fall for phishing scams

  • Install network monitoring software to keep an eye on any intrusions and all network traffic in or out.

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

What is an Incident Response?

What is an Incident Response?

What is an Incident Response? After a bank heist, the work begins with specialized teams and plans engaged, allowing for analysis of the event, and from this analysis, the bank can prepare a response to the incident.

What is a Social Engineering Attack? Techniques and Ways to Prevent

What is a Social Engineering Attack? Techniques and Ways to Prevent

Everyone has received a spam text or email at some point. Their hallmarks are widely known; they often include poor or strange grammar, suspicious links, suggested connections with companies or people, or random individuals asking for help in some capacity.

Side Channel Attack: Everything You Need To Know

Side Channel Attack: Everything You Need To Know

Every year, millions of people get victimized by data breaches. Criminals steal their data from the network environments of organizations, vendors, providers, institutions, and governments; with ever-increasing frequency, cybercriminals are making big moves in the cyber wars—and making billions of dollars. 

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Exposure Scan
Instantly and Securely Check if Your Personal Information is Exposed on the Dark Web or Sold by Data Brokers
Please enter first name
Please enter last name
Please select a state
Close
Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an age
Please enter an email address
Close