1. Forum
  2. USENET
  3. comp.sys.mac.system

  • Re: Apple apps on macOS Big Sur bypass firewall and VPN connections

    From Jolly Roger@jollyroger@pobox.com to comp.sys.mac.system on Saturday, November 21, 2020 23:27:23
    From Newsgroup: comp.sys.mac.system

    On 2020-11-21, -xX(HTML)Xx- <> wrote:

    Some default Apple apps on macOS Big Sur, which remains in beta,
    bypasses any network firewall or VPN connection a user has connected.

    That's a lie. Only application firewalls that use the new Network
    Extension Framework are affected. Network firewalls and packet filtering firewalls like the macOS built-in BSD PF firewall are not affected.

    ---
    Despite Apple’s changes to macOS with the release of Big Sur, we can
    confirm that the Mullvad app still performs as intended by not allowing Apple’s own apps to bypass our VPN firewall.

    Starting in Big Sur, the latest version of macOS released 12 November
    2020, Apple excludes its own apps from the content filter provider APIs.
    As a result, any network monitoring and security software using these
    APIs is unable to detect and block traffic from Apple apps.

    Mullvad does not use content filter provider APIs to secure the device. Instead, we use the Packet Filter (PF) firewall which is built into
    macOS. This is a packet firewall, not an application firewall, which
    means that it does not exclude packets from any apps, including Apple's
    own apps.

    In other words, our usage of the PF firewall does not allow Apple apps
    to leak when Mullvad VPN is blocking the Internet. We have verified this
    by observing the network traffic from outside of the Apple machine.

    It’s worth noting that Big Sur and its predecessors are built to assume
    that they can talk to Apple at any time, but when we don’t allow it, a
    few unwanted side effects pop up. For example, the keyboard sometimes
    takes longer to wake up from sleep mode. Or, in certain situations, the
    Mullvad app takes longer to detect that the computer is online.

    However, these issues can only be solved by choosing to leak traffic to
    Apple. We consider them a reasonable trade-off in order to achieve
    strict blocking rules.
    --- <https://mullvad.net/en/blog/2020/11/16/big-no-big-sur-mullvad-disallows-apple-apps-bypass-firewall/>

    --
    E-mail sent to this address may be devoured by my ravenous SPAM filter.
    I often ignore posts from Google. Use a real news client instead.

    JR
    --- Synchronet 3.18b-Win32 NewsLink 1.113
  • From Alan Baker@notonyourlife@no.no.no.no to alt.privacy,misc.survivalism,comp.sys.mac.advocacy,comp.sys.mac.system on Sunday, November 22, 2020 18:39:23
    From Newsgroup: comp.sys.mac.system

    On 2020-11-21 2:03 p.m., }Tom{@nospam.com wrote:
    <https://appleterm.com/2020/10/20/macos-big-sur-firewalls-and-vpns/>

    UPDATE- November 14th

    UPDATE- November 22nd

    Arlen has a new sock!
    --- Synchronet 3.18b-Win32 NewsLink 1.113