Apple apps on macOS Big Sur bypass firewall and VPN connections

Skip to first unread message


Nov 21, 2020, 5:03:36 PM11/21/20

UPDATE- November 14th

Since the original publication of this article, macOS Big Sur has exited beta and been released to the public. Despite this, there is no indication that Apple has changed its behavior.

Originally Published on October 20th

Some default Apple apps on macOS Big Sur, which remains in beta, bypasses any network firewall or VPN connection a user has connected. The behavior was first spotted by Twitter user @mxswd and is more thoroughly explained by security researcher Patrik Wardle.

According to Patrick on older versions of macOS a firewall could be setup using the Network Kernal Extension, but on macOS Big Sur, Apple has deprecated the extension which allows for “many” of their apps to bypass the firewall. Patrick provides two macOS Big Sur firewall examples, Lulu and Little Snitch.

In a test it shows that regardless of changing firewall rules, incoming and outgoing connections, and enabling “deny mode”, the Mac App Store still ignores the firewall and passes through the connection, completely ignoring it. This behavior is alarming, however, how widespread it is and what apps exactly bypass through the connections are unknown.

It is fully possible that this is a bug given macOS Big Sur still remains in beta with an unofficial launch date. It’s likely that these tests were conducted on the latest beta, and could be patched in the upcoming beta given the widespread attention it’s gathered online. If it isn’t patched, then it seems to be a deliberate move by Apple to not allow its own apps to bypass through VPN and firewall connections.

Reply all
Reply to author
0 new messages