Apple addresses an issue where apps can bypass firewalls and VPNs on macOS Big Sur
It was reported that Apple apps bypass firewalls, security tools, VPNs, etc. on macOS Big Sur to communicate, but the latest beta version has removed the feature that causes this problem. It turned out that.
Hooray, no more ContentFilterExclusionList | Patrick Wardle on Patreon
macOS Big Sur 11.2 beta 2 removes filter that lets Apple apps bypass third-party firewalls --9to5Mac
Apple makes welcome change to'Big Sur' security for Macs | Computerworld
Apple removes feature that allowed its apps to bypass macOS firewalls and VPNs | ZDNet
On November 13, 2020, macOS Big Sur, the version 11.0 of the OS for Mac, was released. Although it is a majorly redesigned macOS Big Sur, it was pointed out that Apple apps bypass firewalls and VPNs and communicate without permission.
MacOS Big Sur reveals that Apple app communication cannot be controlled by firewall --GIGAZINE
However, security researcher Patrick Wardle reported on January 14, 2021 that the issue was resolved in beta 2 of version 11.2. A list of apps and services that can bypass the firewall 'ContentFilterExclusionList' was added to macOS Big Sur as an internal file, but according to Wardle, this was removed in beta 2.
Omg we did it! ????— Patrick wardle (@patrickwardle) January 13, 2021
Thanks to the community feedback (and ya, bad press) Apple decided to remove the ContentFilterExclusionList (in 11.2 beta 2)
Means socket filter firewalls (eg LuLu) can now comprehensively monitor / block all OS traffic !!
Read more: https://t.co/GJXkRA31e7 https://t.co/BCPqdCjkV0
The ContentFilterExclusionList included the App Store, FaceTime, software update services, and more. The fact that they can bypass the firewall means that users will not be able to monitor the amount of data the app transfers or the IP address they are communicating with. It has also been pointed out that malicious attackers could use these apps to bypass firewalls to create malware.
However, with the removal of the ContentFilterExclusionList in beta 2 of version 11.2, apps can no longer bypass third-party firewalls and users can monitor again. However, macOS Big Sur 11.2 is only a beta version, and it is unknown at the time of writing the article when it will be applied to all users as an official version.