Introducing a VPN that can avoid the 'Apple app firewall bypass problem' of macOS Big Sur

The Mac OS ' macOS Big Sur ' released by Apple on November 13, 2020 has a specification that 'the communication of Apple apps cannot be controlled by a firewall', which has been the subject of discussion about privacy. Meanwhile, Sweden-based security company Mullvad announced on November 16, 2020 that it 'confirmed that its services can address the firewall evasion issues found in macOS Big Sur.'

Big no on Big Sur: Mullvad disallows Apple apps to bypass firewall --Blog | Mullvad VPN

A firewall that prevents unauthorized communication and malware infection is an indispensable security function for the safe use of PCs. However, it is known that macOS Big Sur, the 17th major release of macOS, has a specification that 'the communication of Apple apps cannot be controlled by a firewall'.

MacOS Big Sur reveals that Apple app communication cannot be controlled by firewall --GIGAZINE

Immediately after its release, this specification evolved into suspicion that ' Big Sur may be sending the startup log of the application used by the user to Apple .' Subsequent validation revealed that 'at least we haven't collected any information about the launched application', but there are still concerns about firewalls. As a result, there is a growing belief that 'malware that can bypass firewalls using the Big Sur specifications will eventually appear.'

Meanwhile, Mullvad, a virtual private network (VPN) service provider, updated its official blog on November 16th, saying, 'Despite Apple's changes to macOS with the release of Big Sur, the Mullvad app is made by Apple. We've confirmed that the app prevented it from bypassing the firewall and continued to work properly. '

According to Mullvad, Apple is allowing Apple apps to bypass the firewall by excluding their apps from the content filtering API. As a result, security software and network monitoring software that use the content filter API can no longer detect or block traffic from Apple apps.

Mullvad VPN, on the other hand, doesn't use the content filtering API, but instead uses the packet filter firewall built into macOS to detect packets sent and received by any app, including Apple apps. Is possible. In fact, Mullvad has verified that Mullvad VPN is capturing the communication of Apple apps by analyzing the network traffic of Apple devices from the outside.

However, Mullvad may take some time for the keyboard to wake up from sleep mode when using its own VPN, and it may take some time for Mullvad VPN to detect that the Mac is online. I admit the problem.

On top of that, Mullvad said, 'The problem with Mullvad VPN preventing traffic from leaking by Apple can only be solved by choosing to leak traffic. We implement this with strict blocking rules. I think it's a reasonable trade-off for. '

in Web Service,   Security, Posted by log1l_ks