macOS Big Sur was released to the public on November 12, after months of developer testing. However, during beta testing of the new Mac software, the company was notified of a security vulnerability that allowed Apple apps to bypass firewalls and VPNs. Although the vulnerability was first spotted by @mxswd and reported by @patrickwardle, the company still publicly released macOS Big Sur with it.
A firewall is a digital barrier for network security that protects the system by monitoring incoming and outgoing traffic and blocking access for malware, such as viruses, and cyber-attacks. Therefore, the existing macOS Big Sur security vulnerability might be exploited by third-party apps and hackers. Forcepoint defines a firewall as follows:
A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a set of security rules. Its purpose is to establish a barrier between your internal network and incoming traffic from external sources (such as the internet) in order to block malicious traffic like viruses and hackers.
macOS Big Sur’s Firewall Bypass Security Vulnerability might lead to Malicious Traffic
@mxswd discovered that Apple’s Maps app could directly “access the internet bypassing any NEFilterDataProvider or NEAppProxyProviders.” This vulnerability was further explored and exploited by security researcher @patrickwardle. He was able to bypass firewalls such as LuLu and Little Snitch, just as Apple’s native apps do.
— patrick wardle (@patrickwardle) November 14, 2020
Before the public availability of macOS Big Sur, Wardle reported the vulnerability to Apple but was surprised to see the unpatched software released. This potential network vulnerability puts users’ privacy and security at risk. Patrick Wardle wrote to Apple that,
“It is essential that the OS provides a comprehensive mechanism to filter and monitor network traffic. Without such an ability, essential security tools such as firewalls are ineffective, impacting macOS users in the following manners:
- Privacy-sensitive users may want to be able to comprehensively limit or block network traffic at their discretion.
- Security-conscious users may want to comprehensively filter/analyze traffic. For example, to detect malware C&C comms (that yes, could abuse the OS components that are not subjected to the NEFilterProvider).”
The massive downloads of the new macOS Big Sur overwhelmed the company’s system, and the release was not without glitches. Some users reported that the software bricked their 2013 and 2014 devices, along with unresponsive apps, failed installations and other issues. This issue received a lot of attention even before the public release of the new Mac software and continues to do so. For now, all we can do is wait for a patch by Apple.