Security observations: the peculiarities of student sharing of intimacies (root.cz)
Image: Markus Spiske
Apple has removed a controversial feature from the macOS operating system that allowed 53 of Apple's own apps to bypass third-party firewalls, security tools, and VPN apps installed by users for their protection.
Known as the ContentFilterExclusionList, the list was included in macOS 11, also known as Big Sur.
The exclusion list included some of Apple's biggest apps, like the App Store, Maps, and iCloud, and was physically located on disk at:
/System/Library/Frameworks/NetworkExtension.framework/Versions/Current/Resources/Info.plist.
Its presence was discovered last October by several security researchers and app makers who realized that their security tools weren't able to filter or inspect traffic for some of Apple's applications.
The developer of the Little Snitch firewall tool, Norbert Heger, described this behaviour as “a hole in the wall”.
Patrick Wardle, a security researcher with software firm Jamf, even demonstrated how it may be possible for malware to abuse “excluded” apps to generate web traffic to bypass firewalls.
Those who initially sounded the alarm, including Heger, Wardle and others, have now welcomed Apple’s decision to remove ContentFilterExclusionList with the release of macOS 11.2 beta 2.
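To check whether a given system still carries the list at the path quoted above, the following added example (not code from the article, Apple, or the researchers named) parses the framework's Info.plist and reports any ContentFilterExclusionList entries. It assumes the key may sit at any nesting depth and holds an array of strings; `find_key`, `audit` and the sample plists are hypothetical names and constructed data.

```python
import plistlib
from pathlib import Path

# Location and key name as given in the article (macOS 11 Big Sur).
INFO_PLIST = Path("/System/Library/Frameworks/NetworkExtension.framework"
                  "/Versions/Current/Resources/Info.plist")
KEY = "ContentFilterExclusionList"

def find_key(node, key=KEY):
    """Depth-first search: first value stored under `key`, or None if absent."""
    if isinstance(node, dict):
        if key in node:
            return node[key]
        children = list(node.values())
    elif isinstance(node, list):
        children = node
    else:
        return None
    for child in children:
        found = find_key(child, key)
        if found is not None:
            return found
    return None

def audit(plist_bytes):
    """Report whether a NetworkExtension Info.plist still exempts anything."""
    try:
        data = plistlib.loads(plist_bytes)  # accepts XML and binary plists
    except Exception as exc:  # malformed or truncated file
        return {"status": "unreadable", "entries": [], "detail": repr(exc)}
    value = find_key(data)
    if value is None:
        return {"status": "absent", "entries": []}
    # Assumption: the value is an array of strings; a scalar is wrapped.
    entries = [str(v) for v in value] if isinstance(value, list) else [str(value)]
    return {"status": "present" if entries else "empty", "entries": entries}

# Constructed samples (not Apple's real entries) so the check runs anywhere.
SAMPLE_WITH_LIST = plistlib.dumps(
    {"CFBundleName": "constructed", KEY: ["/constructed/AppOne", "/constructed/AppTwo"]})
SAMPLE_WITHOUT_LIST = plistlib.dumps({"CFBundleName": "constructed"})
SAMPLE_NESTED_EMPTY = plistlib.dumps({"Outer": {"Inner": [{KEY: []}]}})

if __name__ == "__main__":
    if INFO_PLIST.exists():
        print(audit(INFO_PLIST.read_bytes()))
    else:  # not on macOS: fall back to the constructed samples
        for sample in (SAMPLE_WITH_LIST, SAMPLE_WITHOUT_LIST, SAMPLE_NESTED_EMPTY):
            print(audit(sample))
```

A status of "present" means listed apps are still exempt from content filters on that host; "absent" is the expected result once the list has been removed.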
The exclusion list first emerged as part of Apple’s shift away from third-party kernel extensions, including network kernel extensions (NKEs), which allowed developers to load code directly into the macOS operating system. These NKEs, however, were used by a number of third-party security platforms, including firewalls such as LuLu and Little Snitch.
The issue dates back to October
The issue was first spotted in October 2020 by several security researchers; later, the developers of the apps realized that their security tools were able neither to inspect nor to filter the traffic of these apps.
As per ZDNet, security researchers such as Patrick Wardle, among others, were the first to point out this issue and to warn that it was a disaster waiting to happen. The researchers argued that malware could latch on to legitimate Apple apps present in the list and then bypass security tools and firewalls easily.
The software essentially exempted Apple's own programs from being routed through its Network Extension Framework, which the company created for third-party security products to monitor and filter network traffic.