When Apple rolled out macOS Big Sur in November, researchers rightly identified a strange anomaly in system security protection that could have left Macs insecure. Apple now appears to be addressing this issue by introducing a fix in the latest public beta.
What was wrong?
For some odd reason, Big Sur introduced a controversial and potentially insecure change that meant Apple’s apps could still access the internet even when a user blocked all access from that Mac using a firewall. This was not in keeping with Apple’s traditional security stance. What made matters worse is that when those apps (and there were 56 in all) accessed the network, network and user traffic monitoring applications were unable to monitor this usage.
It meant that Apple apps, because they were included in the ContentFilterExclusionList, could access the Internet to gain Gatekeeper privileges while other apps could not, posing a potential security challenge.
It was later shown that this protection could be subverted to give apps, including malware, similar special powers. Rogue applications could run in the background, bypassing Gatekeeper protection, even when the user believed their Mac was behind a firewall.
This exploit wasn’t particularly trivial, and it posed a security threat.
If you are using the current public version of Big Sur, you can see the list for yourself in the /System/Library/Frameworks/NetworkExtension.framework/Versions/Current/Resources/Info.plist file; just search for “ContentFilterExclusionList”.
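One way to run that check programmatically, as an added example that is not from the article or from Apple: it parses an Info.plist and returns whatever is stored under ContentFilterExclusionList, or an empty list when the key is absent. The sample plist, its nesting and its entries are constructed placeholders; on a Mac, pass the path quoted above as the first argument.

```python
import plistlib
import sys

KEY = "ContentFilterExclusionList"  # key name quoted in the article

# Constructed sample, NOT Apple's real file: the nesting and the entries are
# placeholders so the example runs offline.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleName</key><string>NetworkExtension</string>
  <key>ExampleNestedSection</key>
  <dict>
    <key>ContentFilterExclusionList</key>
    <array>
      <string>/placeholder/path/ExampleDaemonA</string>
      <string>/placeholder/path/ExampleAppB</string>
    </array>
  </dict>
</dict></plist>"""

def find_key(node, key=KEY):
    """Depth-first search of a parsed plist: first value under key, or None."""
    if isinstance(node, dict):
        if key in node:
            return node[key]
        node = list(node.values())
    if isinstance(node, list):
        for child in node:
            found = find_key(child, key)
            if found is not None:
                return found
    return None

def exclusion_list(plist_bytes):
    """Return the exclusion entries as strings; [] when the key is absent."""
    value = find_key(plistlib.loads(plist_bytes))  # accepts XML or binary plists
    if value is None:
        return []
    return [str(v) for v in value] if isinstance(value, list) else [str(value)]

if __name__ == "__main__":
    data = SAMPLE_PLIST
    if len(sys.argv) > 1:  # path to a real Info.plist on a Mac
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    entries = exclusion_list(data)
    print(f"{KEY}: {len(entries)} entries" if entries else f"{KEY}: not present")
    for entry in entries:
        print("  ", entry)
```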
What has changed?
Apple fixed this in its latest public beta, as noted by Patrick Wardle. The company has removed ContentFilterExclusionList from macOS 11.2 Big Sur beta 2, which means firewalls and activity filters can now monitor Apple’s app behavior; the change also reduces potential exposure to attack.
We know why Apple attempted this. When the company removed support for kernel extensions (kexts) from Macs, it also created a new architecture to support extensions that relied on kexts.
However, it also chose to make its own apps exempt from these frameworks, which is why software that relied on the new extension architecture could not detect or block the traffic those apps generated.
Why might that make sense?
I can imagine a few reasons why it might make sense to enable some Apple applications to run in some sort of super secret mode. Specifically, I’m thinking about FindMy and how useful it could be if left to covertly run on a lost or stolen Mac. But even then, it seems more appropriate (and much more in tune with Apple’s growing stance on user privacy and control) to give users control of that interaction, perhaps with something like a “run secretly in background and resist firewalls” button.
In the future, as Apple moves towards mesh-based coverage, particularly for Find My, the challenge that engineers will have to solve is how to allow traffic (for example, to find other Apple devices or share information about their location) to be kept safe and protected, maintained as a discrete background process without generating further user friction (security messages), while maintaining privacy and security along the chain.
I have a feeling this may have been an attempt in that direction, but the fact that it could be subverted to penetrate Mac security is unsustainable. I’m sure Apple will look for better solutions to this problem.
When will Big Sur be updated?
The current edition of Big Sur hasn’t implemented this fix yet, but the fact that it’s now available in the latest public beta suggests it will roll out more widely in the next couple of weeks.
When it arrives, it will also introduce another useful layer of protection for M1 Macs, which will no longer be able to side-load potentially unapproved iOS apps as the ability to bypass the firewall will have been removed.
Copyright © 2021 IDG Communications, Inc.