In macOS Big Sur, it turns out that Apple app communication cannot be controlled by a firewall

A firewall enhances the security of a PC by monitoring and controlling the communication between the PC and the Internet, but it has been reported on Twitter that in macOS Big Sur, Apple's applications bypass the firewall and communicate without permission.

Until now, firewall apps for macOS have been implemented using kernel extensions, which made it possible to monitor and control all communication between apps on macOS and the Internet. Kernel extensions are scheduled to be deprecated in macOS Big Sur, due for release in the fall of 2020, for the sake of security and stability; in their place, Apple is introducing DriverKit, which runs in user space.

In response, third-party firewall apps for macOS have been updated to use DriverKit, but it turned out that firewall apps using DriverKit cannot monitor the communication of Apple apps.

According to security researcher Patrick Wardle, no matter what the firewall app did, the traffic could not be observed, and therefore the communication could not be controlled.

There are 56 apps set as firewall exceptions, such as FaceTime and the App Store, and the complete list can be found in 'Info.plist' under '/System/Library/Frameworks/NetworkExtension.framework'. From macOS Big Sur onward, it appears that third-party apps will not be able to inspect the communication of the 56 apps on the list at all.
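One way to audit that exception list on a Mac, as an added example that is not part of the original article: it finds every 'Info.plist' under the framework directory named above, extracts the exception entries, and compares them against a saved baseline so that changes after an OS update stand out. The key name `ContentFilterExclusionList` is an assumption (the article does not state it), and the embedded sample plist and its entries are constructed.

```python
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

FRAMEWORK = Path("/System/Library/Frameworks/NetworkExtension.framework")  # from the article
EXCLUSION_KEY = "ContentFilterExclusionList"  # assumption: key name is not given in the article

# Constructed sample standing in for the real Info.plist (entries are illustrative paths).
SAMPLE_PLIST = plistlib.dumps({
    "CFBundleName": "NetworkExtension",
    EXCLUSION_KEY: [
        "/System/Applications/FaceTime.app/Contents/MacOS/FaceTime",
        "/System/Applications/App Store.app/Contents/MacOS/App Store",
        "/System/Applications/FaceTime.app/Contents/MacOS/FaceTime",  # duplicate on purpose
    ],
})

def exclusion_list(plist_bytes, key=EXCLUSION_KEY):
    """Return the sorted, de-duplicated exception entries from an XML or binary plist."""
    data = plistlib.loads(plist_bytes)
    entries = data.get(key, []) if isinstance(data, dict) else []
    if not isinstance(entries, list):
        return []
    return sorted({e for e in entries if isinstance(e, str)})

def audit(framework=FRAMEWORK):
    """Map each Info.plist under the framework to the exception entries it declares."""
    root, found = Path(framework), {}
    if not root.is_dir():
        return found
    for plist in sorted(root.rglob("Info.plist")):
        try:
            entries = exclusion_list(plist.read_bytes())
        except (OSError, ValueError, ExpatError):
            continue  # unreadable or malformed plist: skip it
        if entries:
            found[str(plist)] = entries
    return found

def diff_against_baseline(baseline, current):
    """Report entries added or removed since a saved baseline (e.g. after an OS update)."""
    old, new = set(baseline), set(current)
    return {"added": sorted(new - old), "removed": sorted(old - new)}

if __name__ == "__main__":
    live = audit() or {"<constructed sample>": exclusion_list(SAMPLE_PLIST)}
    for path, entries in live.items():
        print(f"{path}: {len(entries)} firewall exceptions")
        for entry in entries:
            print("  ", entry)
```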

in Software, Posted by log1d_ts