MacOS Big Sur reveals Apple secretly hates your VPN and firewall

How to fix macOS Big Sur problems
(Image credit: guteksk7 / Shutterstock / Apple)
Audio player loading…

If you're using a Mac VPN (opens in new tab) and recently updated your device to Big Sur (opens in new tab), your privacy may be at risk as it was discovered that Apple apps are able to bypass both firewalls and VPN services in the company's latest version of macOS.

Twitter user mxswd first spotted the issue back in October and provided more details in a tweet (opens in new tab) which reads: “Some Apple apps bypass some network extensions and VPN Apps. Maps for example can directly access the internet bypassing any NEFilterDataProvider or NEAppProxyProviders you have running”.

Security researcher at Jamf (opens in new tab), Patrick Wardle confirmed that this was happening and explained in a comment that previous versions of macOS allowed a firewall or VPN to be set up using the Network Kernel Extension (kext).

According to Wardle, the Mac App Store in Big Sur is able to bypass any firewall set up by a user as its traffic is invisible to firewalls. This has serious security implications for organizations that have set up firewalls to prevent certain applications from using their corporate networks.

Bypassing firewalls and VPNs

The news outlet Apple Term wrote a story on this issue back in mid-October in order to bring attention to it ahead of Big Sur's official release. However, in an update to its story (opens in new tab), Apple Term explained that the issue still exists, saying:

“Since the original publication of this article, macOS Big Sur has exited beta and been released to the public. Despite this, there is no indication that Apple has changed its behavior.”

In a tweet (opens in new tab), Wardle showed how cybercriminals could use malware (opens in new tab) to easily exploit the gap between Apple apps and user's firewalls. By doing so, they could then send users' personal data to remote servers which puts both their privacy and security at risk.

As of now, it's still hard to understand why Apple would make its own apps exempt from firewalls and VPNs. Some believe that it is due to licensing issues while others think the company wants to keep data and traffic from its apps out of VPN servers.

Firewalls and VPNs are one of the many ways in which consumers and business users alike protect their privacy and security online, so hopefully Apple will address this issue soon. Until then though, it may be worth holding off on updating to Big Sur if you regularly use a VPN (opens in new tab) or firewall (opens in new tab).

  • Also check out our complete list of the best VPN (opens in new tab) services

Via TNW (opens in new tab)

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.