The developer of the Little Snitch firewall tool, Norbert Heger, described this behaviour as “a hole in the wall”.
Patrick Wardle, a security researcher with software firm Jamf, even demonstrated how it may be possible for malware to abuse “excluded” apps to generate web traffic that bypasses firewalls.
Those who initially sounded the alarm, including Heger, Wardle and others, have now welcomed Apple’s decision to remove ContentFilterExclusionList with the release of macOS 11.2 beta 2.
The exclusion list first emerged as part of Apple’s shift away from third-party kernel extensions, including network kernel extensions (NKEs), which allowed developers to load code directly into the macOS operating system. These NKEs, however, were used by a number of third-party security platforms, including firewalls such as LuLu and Little Snitch.