Apple apps on macOS Big Sur bypass firewall and VPN connections
-xX(HTML)Xx-
UPDATE- November 14th
Since the original publication of this article, macOS Big Sur has exited beta and been released to the public. Despite this, there is no indication that Apple has changed its behavior.
Originally Published on October 20th
Some default Apple apps on macOS Big Sur, which remains in beta, bypasses any network firewall or VPN connection a user has connected. The behavior was first spotted by Twitter user @mxswd and is more thoroughly explained by security researcher Patrik Wardle.
According to Patrick on older versions of macOS a firewall could be setup using the Network Kernal Extension, but on macOS Big Sur, Apple has deprecated the extension which allows for “many” of their apps to bypass the firewall. Patrick provides two macOS Big Sur firewall examples, Lulu and Little Snitch.
In a test it shows that regardless of changing firewall rules, incoming and outgoing connections, and enabling “deny mode”, the Mac App Store still ignores the firewall and passes through the connection, completely ignoring it. This behavior is alarming, however, how widespread it is and what apps exactly bypass through the connections are unknown.
It is fully possible that this is a bug given macOS Big Sur still remains in beta with an unofficial launch date. It’s likely that these tests were conducted on the latest beta, and could be patched in the upcoming beta given the widespread attention it’s gathered online. If it isn’t patched, then it seems to be a deliberate move by Apple to not allow its own apps to bypass through VPN and firewall connections.