Wednesday, April 21, 2021

Apple makes welcome change to ‘Big Sur’ security for Macs


When Apple shipped macOS Big Sur in November, researchers quickly spotted a strange anomaly in the system’s security protection that could have left Macs insecure. Apple now seems to be dealing with this problem, introducing a fix in the latest public beta release.

What was wrong?

For some strange reason, Big Sur introduced a controversial and potentially insecure change that meant Apple’s own apps could still access the internet even when a user blocked all access from that Mac using a firewall. This wasn’t in tune with Apple’s traditional security stance. What made this worse is that when those apps (and there were 56 in all) did access the ‘Net, user and network traffic monitoring applications were unable to monitor this use.

Because they were included on the ContentFilterExclusionList, Apple apps could access the Internet to gain Gatekeeper privileges while other applications could not, posing a potential security challenge.

It was subsequently shown that this protection could be subverted to give apps — including malware — similar special powers. Rogue applications could be running in the background, bypassing Gatekeeper protection, even when the user believed their Mac was protected by a firewall.

This exploit wasn’t especially trivial, but it still constituted a security threat.

If you are running the current public version of Big Sur, you can see the list for yourself in the /System/Library/Frameworks/NetworkExtension.framework/Versions/Current/Resources/Info.plist file; just look for “ContentFilterExclusionList.”
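To run this check from a script rather than by eye, the following added example (not from the original article or from Apple) parses the Info.plist named above and reports whatever is stored under ContentFilterExclusionList. The sample plist embedded in the code is constructed, and the nesting and shape of the list's entries are assumptions.

```python
import plistlib
from pathlib import Path

# Path and key name are the ones given in the article.
INFO_PLIST = Path("/System/Library/Frameworks/NetworkExtension.framework"
                  "/Versions/Current/Resources/Info.plist")
KEY = "ContentFilterExclusionList"

def find_key(node, key):
    """Depth-first search of a parsed plist; returns (found, value)."""
    if isinstance(node, dict):
        if key in node:
            return True, node[key]
        children = list(node.values())
    elif isinstance(node, list):
        children = node
    else:
        return False, None
    for child in children:
        found, value = find_key(child, key)
        if found:
            return True, value
    return False, None

def exclusion_list(plist_bytes):
    """Return the entries under KEY as a list, or None if the key is absent."""
    # plistlib.loads auto-detects XML and binary plists.
    found, value = find_key(plistlib.loads(plist_bytes), KEY)
    if not found:
        return None
    return list(value) if isinstance(value, (list, tuple)) else [value]

def audit(path=INFO_PLIST):
    """Human-readable report for one Info.plist file."""
    if not path.is_file():
        return f"{path} not found (not macOS, or the layout differs)"
    entries = exclusion_list(path.read_bytes())
    if entries is None:
        return f"{KEY} is absent from this plist"
    lines = [f"{KEY} present with {len(entries)} entries:"]
    return "\n".join(lines + [f"  {e}" for e in entries])

# Constructed sample, not Apple's real plist: entry values are assumptions.
SAMPLE = plistlib.dumps({"CFBundleName": "NetworkExtension",
                         KEY: ["/example/app-one", "/example/app-two"]})

if __name__ == "__main__":
    print(audit())
```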

Copyright © 2021 IDG Communications, Inc.
