Firewalls, Routers, Network Security

Apple nixes feature that let its apps skip VPNs and firewalls, after criticism from researchers

An Apple store in London (Jon Rawlinson/CC BY 2.0))

The second beta version of MacOS 11.2 will no longer allow Apple software to circumvent socket firewalls and virtual private networks.

"ContentFilterExclusionList," first noticed by Mac security researchers in October, allowed around 50 Apple-brand programs to access the internet without going through the network extension framework that allowed several security products to work. The software essentially exempted Apple's own programs from being routed through its Network Extension Framework, which the company created to ensure security products (such as firewalls) could comprehensively monitor and filter network traffic in lieu of third-party kernel extensions. 

Researchers like Patrick Wardle, who spied the changes to MacOS 11.2 beta, noted that "it was (unsurprisingly) trivial" for malware to take advantage of the exclusion list, and circumvent the security products as well.

"Due to the ContentFilterExclusionList list any traffic generated from these 'excluded' items could not be filtered or blocked by a socket filter firewall," blogged Wardle, who designed the firewall LuLu. He confirmed that the 11.2 beta release does not contain ContentFilterExclusionList, which means socket filter firewalls (such as LuLu) can filter/block all network traffic.

Joe Uchill

Joe is a senior reporter at SC Weekly, focused on policy issues. He previously covered cybersecurity for Axios, The Hill and the Christian Science Monitor’s short-lived Passcode website.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.