Security risks were discovered for macOS Big Sur back in November 2020 when developers voiced concerns over an internal file that permitted Apple apps to bypass firewall filters on demand.
However, Apple has now released macOS Big Sur 11.2 into public beta and has removed the list of exemptions that could have led to security breaches and malware, allowing Mac users the freedom to monitor their app data again.
MacOS Big Sur 11.2 beta 2
A file called “ContentFilterExclusionList” was originally included in macOS Big Sur. It listed several official apps, such as the App Store, the Music App, and FaceTime, that would bypass any firewall installed on the device.
This left the affected apps and services exposed to hackers that could use the exclusion list to create malware that would bypass Mac security and ignore any third-party firewall installed on the device. This also removed the ability for users to check what Apple apps were doing with their data, or even block or monitor any operating system traffic.
These issues were initially discovered after a server outage on the macOS Big Sur launch date prevented apps from working, and developers found that Apple was forcing all official applications to have full access to the network. The connection to servers couldn't be severed to get these apps working again, even with a firewall in place.
Omg we did it! 🤩 Thanks to the community feedback (and ya, bad press) Apple decided to remove the ContentFilterExclusionList (in 11.2 beta 2) Means socket filter firewalls (e.g. LuLu) can now comprehensively monitor/block all OS traffic!! Read more: https://t.co/GJXkRA31e7 https://t.co/BCPqdCjkV0 (January 13, 2021)
Patrick Wardle, a security researcher who has been following the issue on his Patreon blog and Twitter account, announced that the exception list has been removed by Apple with macOS Big Sur 11.2 beta 2, which means the previously affected apps can no longer ignore firewalls and users will have the freedom to monitor their web traffic once again.
This is currently accessible to any developers or users registered in the Public Beta program, and as such isn't officially live to the general public at the time of writing. You can read more about the Apple Beta Software Program on the official website. It's easy to sign up if you want to be involved and provide feedback on future updates across the Apple product library.
Via 9to5 Mac