{"id":112852,"date":"2020-11-16T12:11:57","date_gmt":"2020-11-16T09:11:57","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/apple-apps-on-big-sur-bypass-firewalls-and-vpns-this-is-terrible\/"},"modified":"2020-11-16T12:11:57","modified_gmt":"2020-11-16T09:11:57","slug":"apple-apps-on-big-sur-bypass-firewalls-and-vpns-this-is-terrible","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/apple-apps-on-big-sur-bypass-firewalls-and-vpns-this-is-terrible\/","title":{"rendered":"#Apple apps on Big Sur bypass firewalls and VPNs \u2014 this is terrible"},"content":{"rendered":"

#App<\/a>le apps on Big Sur bypass firewalls and VPNs \u2014 this is terrible<\/strong>”
\n<\/p>\n

\n For all of Apple\u2019s talk of being privacy-first, often its marketing speak doesn\u2019t match up with what it\u2019s actually doing. And the latest example? Well, it\u2019s Apple apps on Big Sur bypassing firewalls and VPNs.<\/p>\n

I don\u2019t need to tell you just how worrying this is.<\/p>\n

The issue was first spotted in the macOS Big Sur beta by Twitter<\/a> user\u00a0@mxswd<\/a> all the way back in October. They had this to say:<\/p>\n

\n

Some Apple apps bypass some network extensions and VPN Apps. Maps for example can directly access the internet bypassing any NEFilterDataProvider or NEAppProxyProviders you have running ?<\/p>\n

\u2014 Maxwell (@mxswd) October 19, 2020<\/a>\n<\/p><\/blockquote>\n

This was confirmed and expanded upon by Patrick Wardle<\/a>, a security researcher at Jamf<\/a>.<\/p>\n

\n

This is true ?<\/p>\n

Previously, a comprehensive macOS firewall could be implemented via a Network Kernel Extension (kext)<\/p>\n

Apple deprecated kexts, giving us Network Extensions\u2026.but apparently (many of) their apps \/ daemons bypass this filtering mechanism.<\/p>\n

Are we ok with this!? https:\/\/t.co\/rYkDnuOgLJ<\/a><\/p>\n

\u2014 patrick wardle (@patrickwardle) October 20, 2020<\/a>\n<\/p><\/blockquote>\n

Effectively, Wardle says that previous versions of macOS allowed a firewall or VPN to be set up using the\u00a0Network Kernel Extension. But this isn\u2019t the case in Big Sur.<\/p>\n

What Wardle found is that the Mac App Store on the latest macOS bypasses any firewall. For all intents and purposes, its traffic is invisible to firewalls. What\u2019s happening is that Apple apps on Big Sur are beginning to operate outside the user\u2019s control. Which is terrible news<\/a>.<\/p>\n

This story was brought to light on Apple Term<\/a>, but many assumed it would be fixed when Big Sur was released to the general<\/a> public. This hasn\u2019t happened.<\/p>\n

The question you might be asking next is so what? What\u2019s the issue here?<\/p>\n

Well, aside from control over\u00a0your own system<\/em>, Apple apps on Big Sur being able to bypass firewalls and VPNs is a huge privacy and security issue. Wardle showed on Twitter how easy it is for malware to exploit this gap:<\/p>\n

\n

In Big Sur Apple decided to exempt many of its apps from being routed thru the frameworks they now require 3rd-party firewalls to use (LuLu, Little Snitch, etc.) ?<\/p>\n

Q: Could this be (ab)used by malware to also bypass such firewalls? ?<\/p>\n

A: Apparently yes, and trivially so ??? pic.twitter.com\/CCNcnGPFIB<\/a><\/p>\n

\u2014 patrick wardle (@patrickwardle) November 14, 2020<\/a>\n<\/p><\/blockquote>\n

What this amounts to is that bad actors could exploit this hole in Apple apps on Big Sur to send out your personal data to remote servers. This should worry everyone.<\/p>\n

The big question though is\u00a0why<\/em> the company\u2019s doing this. So far, it hasn\u2019t said why Apple apps on Big Sur are exempt from firewalls and VPNs, but there are some theories.<\/p>\n

One school of thought is that this makes it harder for users to pretend they\u2019re in different countries, meaning it can be stricter on licensing issues. Another is that Apple wants to keep its apps\u2019 data and traffic out of VPN servers.<\/p>\n

Whatever the reason, I severely doubt its good enough to excuse Apple\u2019s actions here.<\/p>\n

If you want to understand further what this sort of activity does, I\u2019d recommend you go and read this piece from Jeffrey Paul about why your computer isn\u2019t yours<\/a>. It\u2019s a sobering look at the world we\u2019re living in, where<\/p>\n

So much for Apple being privacy-first, hey?<\/p>\n

For more gear, gadget, and hardware news and reviews, follow Plugged on
\n Twitter<\/a> and
\n Flipboard<\/a>.
\n <\/i><\/p>\n

\n Published November 16, 2020 \u2014 09:11 UTC\n <\/p>\n<\/p><\/div>\n