Macos Big Sur 11 2 Beta 2 Removes Filter That Lets Apple Apps Bypass Third Party Firewalls

Back in November, some developers raised concerns due to a change in macOS Big Sur, which allowed Apple apps to bypass firewall filters in any situation. Since this could lead to security and privacy breaches, Apple has removed this list of exceptions from macOS Big Sur 11.2.

After some macOS apps didn’t work due to a outage in Apple’s servers on the launch day of Big Sur, developers tried to block the system from communicating with these servers but they found out that Apple forced its official apps to have full access to the network even with a firewall configured.

An internal file has been added on macOS Big Sur with something called “ContentFilterExclusionList,” which is a list of several Apple apps and services that can bypass any firewall installed on the Mac. This includes the App Store, FaceTime, the software update service, and even the Music app.

Since these apps and services were bypassing the firewalls, users could no longer block them or even monitor them to see how much data Apple apps were transferring or what IP addresses they were communicating with. Worse than that, it was revealed that hackers could create malware that abuses these “excluded items” to bypass the firewall.

Luckily, security researcher Patrick Wardle revealed today that Apple has removed these exceptions for its apps with macOS Big Sur 11.2 beta 2 — which was released today for developers and users registered in the Public Beta program.

In other words, that means Apple’s apps can no longer bypass third-party firewalls and users can once again monitor their traffic on the web. However, since macOS Big Sur 11.2 is only available as a beta release for now, we don’t know yet when this change will reach all users.

Omg we did it! 🤩

Thanks to the community feedback (and ya, bad press) Apple decided to remove the ContentFilterExclusionList (in 11.2 beta 2)

Means socket filter firewalls (e.g. LuLu) can now comprehensively monitor/block all OS traffic!!

Read more: https://t.co/GJXkRA31e7 https://t.co/BCPqdCjkV0

— patrick wardle (@patrickwardle) January 13, 2021

Wardle detailed the removal of ContentFilterExclusionList from macOS and its potential risks in his Patreon blog, which you can access here.