[Image, credit: Patrick Wardle]
Firewalls aren’t just for corporate networks. Large numbers of security- or privacy-conscious people also use them to filter or redirect traffic flowing in and out of their computers. Apple recently made a major change to macOS that frustrates these efforts.
Beginning with Big Sur, released last week, some 50 Apple-specific apps and processes are no longer routed through firewalls like Little Snitch and LuLu. The undocumented exemption came to light only after Patrick Wardle, a security researcher at Mac and iOS enterprise developer Jamf, disclosed the change over the weekend.
“100% blind”

In Big Sur Apple decided to exempt many of its apps from being routed through the frameworks they now require 3rd-party firewalls to use (LuLu, Little Snitch, etc.)
Q: Could this be (ab)used by malware to also bypass such firewalls?
A: Apparently yes, and trivially so
pic.twitter.com/CCNcnGPFIB
— patrick wardle (@patrickwardle) November 14, 2020
To demonstrate the risks that come with this move, Wardle, a former NSA hacker, showed how malware developers could exploit the change to make an end run around a tried-and-true security measure. He set LuLu to block all outgoing traffic on a Mac running Big Sur and then ran a small Python script that interacted with one of the apps Apple had exempted. The script had no trouble reaching a command-and-control server he had set up to simulate the kind malware commonly uses to receive commands and exfiltrate sensitive data.
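The defensive counterpart to Wardle's test is knowing exactly which processes your host firewall can no longer see. The script below is an added example, not code from the article or from Wardle or Jamf. It assumes (this is not stated in the article) that Big Sur 11.0 publishes the exemptions as a `ContentFilterExclusionList` array in the NetworkExtension framework's Info.plist at the path given in `NE_INFO_PLIST`; the plist embedded in the script is a constructed sample with placeholder entries so the audit logic runs offline, and the function names are my own.

```python
"""Audit which processes a Big Sur host exempts from third-party content-filter firewalls.

Added example. Assumption (not from the article): Big Sur 11.0 ships the exemption
list as the `ContentFilterExclusionList` array in the NetworkExtension framework's
Info.plist. On a machine where that file exists, the live list is read; otherwise a
constructed sample plist is parsed so the logic can be exercised anywhere.
"""
import os
import plistlib

# Assumed location of the framework plist on a Big Sur 11.0 system.
NE_INFO_PLIST = ("/System/Library/Frameworks/NetworkExtension.framework"
                 "/Versions/A/Resources/Info.plist")
EXCLUSION_KEY = "ContentFilterExclusionList"

# Constructed sample plist for offline use. The entries are placeholders and are
# NOT Apple's real exemption list.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>CFBundleIdentifier</key>
    <string>com.apple.NetworkExtension</string>
    <key>ContentFilterExclusionList</key>
    <array>
        <string>com.example.placeholder.appA</string>
        <string>com.example.placeholder.appB</string>
        <string>/usr/libexec/placeholder-daemon</string>
    </array>
</dict>
</plist>
"""


def parse_exclusions(plist_bytes):
    """Return the exempt bundle IDs / executable paths, or [] if the key is absent."""
    data = plistlib.loads(plist_bytes)
    entries = data.get(EXCLUSION_KEY, []) if isinstance(data, dict) else []
    return [str(e) for e in entries]


def load_system_exclusions(path=NE_INFO_PLIST):
    """Read the exemption list from the live system plist (raises if it is missing)."""
    with open(path, "rb") as f:
        return parse_exclusions(f.read())


def firewall_blind_spot(exclusions, governed):
    """Of the bundle IDs/paths you expect a third-party firewall to govern, return the
    sorted subset that the content-filter exemption silently takes out of its view."""
    excluded = set(exclusions)
    return sorted(p for p in governed if p in excluded)


if __name__ == "__main__":
    if os.path.exists(NE_INFO_PLIST):
        exclusions = load_system_exclusions()
        print(f"live system: {len(exclusions)} exempt entries")
    else:
        exclusions = parse_exclusions(SAMPLE_PLIST)
        print(f"offline sample: {len(exclusions)} exempt entries")
    for entry in exclusions:
        print("  ", entry)
```

Run it on a Big Sur host to get the concrete list of processes whose traffic a Network Extension content filter will never be asked about; feed that list to `firewall_blind_spot` alongside the identifiers your allow/deny rules reference to see which rules are unenforceable, and cover those gaps at the network edge rather than on the host.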