
Apple apps on macOS Big Sur bypass firewall and VPN connections

Started by: "-xX(HTML)Xx-" <:}Tom:{@nospam.com>
First post: 2020-11-21 22:03 +0000
Last post: 2020-11-22 18:39 -0800
Articles: 3, 3 participants


#135159 — Apple apps on macOS Big Sur bypass firewall and VPN connections

From: "-xX(HTML)Xx-" <:}Tom:{@nospam.com>
Date: 2020-11-21 22:03 +0000
Subject: Apple apps on macOS Big Sur bypass firewall and VPN connections
Message-ID: <rpc2ra$11va$1@neodomea5yrhcabc.onion>

<https://appleterm.com/2020/10/20/macos-big-sur-firewalls-and-vpns/>

UPDATE- November 14th

Since the original publication of this article, macOS Big Sur has exited beta and been released to the public. Despite this, there is no indication that Apple has changed its behavior.

Originally Published on October 20th

Some default Apple apps on macOS Big Sur, which remains in beta, bypass any network firewall or VPN connection a user has connected. The behavior was first spotted by Twitter user @mxswd and is more thoroughly explained by security researcher Patrick Wardle.

According to Patrick, on older versions of macOS a firewall could be set up using the Network Kernel Extension, but on macOS Big Sur, Apple has deprecated the extension, which allows for “many” of their apps to bypass the firewall. Patrick provides two macOS Big Sur firewall examples, Lulu and Little Snitch.

A test shows that regardless of changing firewall rules, incoming and outgoing connections, and enabling “deny mode”, the Mac App Store still ignores the firewall and passes through the connection, completely ignoring it. This behavior is alarming; however, how widespread it is and exactly which apps bypass the connections are unknown.

It is fully possible that this is a bug given macOS Big Sur still remains in beta with an unofficial launch date. It’s likely that these tests were conducted on the latest beta, and could be patched in the upcoming beta given the widespread attention it’s gathered online. If it isn’t patched, then it seems to be a deliberate move by Apple to not allow its own apps to bypass through VPN and firewall connections.



#135163

From: Jolly Roger <jollyroger@pobox.com>
Date: 2020-11-21 23:27 +0000
Message-ID: <i1tm2qFd4q3U1@mid.individual.net>
In reply to: #135159

On 2020-11-21, -xX(HTML)Xx- <> wrote:
>
> Some default Apple apps on macOS Big Sur, which remains in beta,
> bypass any network firewall or VPN connection a user has connected.

That's a lie. Only application firewalls that use the new Network
Extension Framework are affected. Network firewalls and packet filtering
firewalls like the macOS built-in BSD PF firewall are not affected.

---
Despite Apple’s changes to macOS with the release of Big Sur, we can
confirm that the Mullvad app still performs as intended by not allowing
Apple’s own apps to bypass our VPN firewall.

Starting in Big Sur, the latest version of macOS released 12 November
2020, Apple excludes its own apps from the content filter provider APIs.
As a result, any network monitoring and security software using these
APIs is unable to detect and block traffic from Apple apps.

Mullvad does not use content filter provider APIs to secure the device.
Instead, we use the Packet Filter (PF) firewall which is built into
macOS. This is a packet firewall, not an application firewall, which
means that it does not exclude packets from any apps, including Apple's
own apps.

In other words, our usage of the PF firewall does not allow Apple apps
to leak when Mullvad VPN is blocking the Internet. We have verified this
by observing the network traffic from outside of the Apple machine.

It’s worth noting that Big Sur and its predecessors are built to assume
that they can talk to Apple at any time, but when we don’t allow it, a
few unwanted side effects pop up. For example, the keyboard sometimes
takes longer to wake up from sleep mode. Or, in certain situations, the
Mullvad app takes longer to detect that the computer is online.

However, these issues can only be solved by choosing to leak traffic to
Apple. We consider them a reasonable trade-off in order to achieve
strict blocking rules.
---
<https://mullvad.net/en/blog/2020/11/16/big-no-big-sur-mullvad-disallows-apple-apps-bypass-firewall/>

-- 
E-mail sent to this address may be devoured by my ravenous SPAM filter.
I often ignore posts from Google. Use a real news client instead.

JR
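
An added illustration, not part of the thread and not Mullvad's actual ruleset: a minimal PF "block everything except the tunnel" configuration of the kind the quoted post describes, showing why a packet filter cannot exempt Apple's apps. The interface names, the server address (a documentation placeholder), and the port are assumptions.

```conf
# Constructed example pf.conf fragment. All values below are assumptions.
vpn_if   = "utun3"           # tunnel interface created by the VPN client
phys_if  = "en0"             # physical network interface
vpn_srv  = "198.51.100.10"   # VPN server (documentation address, placeholder)
vpn_port = "51820"           # tunnel port (WireGuard default, assumed protocol)

# Drop silently rather than answering with RST/ICMP; leave loopback alone.
set block-policy drop
set skip on lo0

# Default deny, both directions, IPv4 and IPv6.
# PF matches on packets (interface, address, port), never on the
# originating process, so there is no per-app exemption to apply here.
block all

# Allow DHCP so the physical interface can obtain a lease.
pass out quick on $phys_if inet proto udp from any port 68 to any port 67 keep state

# The only other traffic allowed out of the physical interface is the
# encrypted tunnel to the VPN server.
pass out quick on $phys_if inet proto udp from any to $vpn_srv port $vpn_port keep state

# Everything else must leave through the tunnel interface.
pass out quick on $vpn_if all keep state
```

`pfctl -n -f <file>` parses a ruleset without loading it. As the quoted post notes, the reliable check for leaks is to capture traffic from outside the Mac, since on-host tools may sit behind the same exclusions.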



#135236

From: Alan Baker <notonyourlife@no.no.no.no>
Date: 2020-11-22 18:39 -0800
Message-ID: <rpf7cr$758$2@dont-email.me>
In reply to: #135159

On 2020-11-21 2:03 p.m., }Tom{@nospam.com wrote:
> <https://appleterm.com/2020/10/20/macos-big-sur-firewalls-and-vpns/>
> 
> UPDATE- November 14th

UPDATE- November 22nd

Arlen has a new sock!
