Caution: Big Sur bypasses firewall rules and exposes every VPN user

Apple’s new Big Sur operating system has gaps that should allow unhindered access!

The latest upgrade of the macOS operating system brought a seemingly minor change: various Apple apps now communicate directly with Apple without following the rules of the user's own firewall. As a result, VPN users who have installed their client on a Big Sur computer can also be exposed by Apple or by apps that use this firewall gap.

Big Sur Desktop

The New Zealand security researcher Maxwell discovered this back door in a beta of macOS Big Sur. According to him, the Maps app, for example, ignores any “NEFilterDataProvider or NEAppProxyProviders” that a user has set up and activated.

The Mac App Store on Big Sur also bypasses any firewall. The traffic of the app marketplace is invisible to firewalls. Apps are thus able to evade the user's control and all security settings the user has made. Initially, it was assumed that Apple would close this back door in the final version of macOS 11 Big Sur. However, this is not the case. Big Sur deliberately provides these back doors and bypasses users' firewall rules.

Apple applications open ports to the outside despite the firewall rule

As can be seen in the following example, the Big Sur firewall did not prevent the connections to the Apple services from being opened to the outside world. Because these connections are kept open at all times, the applications can, conversely, also be controlled through them on the local machine. External access to your own computer can no longer be prevented.

With outgoing connections blocked, the “netstat” command shows the following open connections to Apple servers. These services were not only blocked in the firewall but also deactivated in the operating system's settings, yet they were still active.
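One way to check a netstat listing for this behaviour, as an added example that is not part of the original article: it flags established connections to Apple's 17.0.0.0/8 address block whose local address is not the VPN tunnel address. The sample listing, the addresses in it and the tunnel address 10.8.0.2 are constructed assumptions.

```python
import ipaddress

# Apple's publicly registered IPv4 block.
APPLE_NET = ipaddress.ip_network("17.0.0.0/8")

# Constructed sample in the macOS `netstat -an -p tcp` layout (address.port).
# 10.8.0.2 is the assumed VPN tunnel address, 192.168.1.23 the LAN address.
SAMPLE = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  10.8.0.2.52311         203.0.113.10.443       ESTABLISHED
tcp4       0      0  192.168.1.23.52344     17.253.57.204.443      ESTABLISHED
tcp4       0      0  192.168.1.23.52350     17.57.146.20.5223      ESTABLISHED
tcp4       0      0  10.8.0.2.52360         17.248.190.10.443      ESTABLISHED
tcp4       0      0  *.22                   *.*                    LISTEN
"""

def split_endpoint(field):
    """Split macOS-style 'a.b.c.d.port' into (ip, port); None if not an IP."""
    host, _, port = field.rpartition(".")
    try:
        return ipaddress.ip_address(host), int(port)
    except ValueError:
        return None

def connections_outside_tunnel(netstat_text, tunnel_ip):
    """Established connections to Apple's block not sourced from tunnel_ip."""
    tunnel = ipaddress.ip_address(tunnel_ip)
    hits = []
    for line in netstat_text.splitlines():
        cols = line.split()
        # Skip headers, non-IPv4 rows and sockets that are not established.
        if len(cols) < 6 or cols[0] != "tcp4" or cols[5] != "ESTABLISHED":
            continue
        local, remote = split_endpoint(cols[3]), split_endpoint(cols[4])
        if local is None or remote is None:
            continue
        # A tunnelled connection uses the tunnel address as its local address.
        if remote[0] in APPLE_NET and local[0] != tunnel:
            hits.append((str(local[0]), str(remote[0]), remote[1]))
    return hits

if __name__ == "__main__":
    for local, remote, port in connections_outside_tunnel(SAMPLE, "10.8.0.2"):
        print(f"outside tunnel: {local} -> {remote}:{port}")
```

On a real system, the text passed in would be the saved output of netstat taken while the VPN is connected, and the tunnel address is the one assigned to the VPN interface.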

What does that mean?

If you use Big Sur together with a VPN service, your real IP address can be identified, because the Apple apps can communicate directly, outside the VPN tunnel. Besides, it can be assumed that the apps can also respond to external requests that are no longer controllable. So uncontrolled access from outside is also possible!

Concrete effects of “Big Sur” on the integrity of the users:

  • VPN users can be exposed by transmitting data to Apple servers with the real IP address.
  • Every “Big Sur computer” can also be contacted directly by the Apple server; no firewall can prevent this. (In any case, external access is possible via the connections opened to the outside.)
  • The US Patriot Act also gives US authorities access to individual computers through Apple at any time.

Warning for all Mac users

If you have not yet installed Big Sur, you should definitely stay away from it if you want to protect yourself through VPN services!

US authorities have always demanded unimpeded, unblockable access.

Well, now there is one.

There are also rumors that this bypassing of the firewall rules was carried out at the behest of some US services, because macOS devices and Apple iOS devices can then no longer be protected from access by strict firewall rules or VPN services.

With the firewall rules as they now work in Big Sur, users themselves have no control over which data can leave the device or be received by it.

It is clear that US services like the NSA or FBI will be happy about this. Whether they are the reason for these security changes at Apple is of course unknown.

Created on: 11/26/2020
