If you're using a Mac VPN and recently updated your device to Big Sur, your privacy may be at risk as it was discovered that Apple apps are able to bypass both firewalls and VPN services in the company's latest version of macOS.
Twitter user mxswd first spotted the issue back in October and provided more details in a tweet which reads: “Some Apple apps bypass some network extensions and VPN Apps. Maps for example can directly access the internet bypassing any NEFilterDataProvider or NEAppProxyProviders you have running”.
Patrick Wardle, a security researcher at Jamf, confirmed that this was happening and explained in a comment that previous versions of macOS allowed a firewall or VPN to be set up using the Network Kernel Extension (kext).
According to Wardle, the Mac App Store in Big Sur is able to bypass any firewall set up by a user as its traffic is invisible to firewalls. This has serious security implications for organizations that have set up firewalls to prevent certain applications from using their corporate networks.
Bypassing firewalls and VPNs
The news outlet Apple Term wrote a story on this issue back in mid-October in order to bring attention to it ahead of Big Sur's official release. However, in an update to its story, Apple Term explained that the issue still exists, saying:
“Since the original publication of this article, macOS Big Sur has exited beta and been released to the public. Despite this, there is no indication that Apple has changed its behavior.”
In a tweet, Wardle showed how cybercriminals could use malware to easily exploit the gap between Apple apps and users' firewalls. By doing so, they could then send users' personal data to remote servers, which puts both their privacy and security at risk.
As of now, it's still hard to understand why Apple would make its own apps exempt from firewalls and VPNs. Some believe that it is due to licensing issues while others think the company wants to keep data and traffic from its apps out of VPN servers.
Firewalls and VPNs are among the many ways in which consumers and business users alike protect their privacy and security online, so hopefully Apple will address this issue soon. Until then, though, it may be worth holding off on updating to Big Sur if you regularly use a VPN or firewall.
Via TNW