Published in News

Apple removes anti-security feature

by on15 January 2021
Apple removes anti-security feature


Allowed Apple apps to bypass third party firewalls

Apple has removed a controversial feature from the macOS operating system that allowed 53 of Apple's own apps to bypass third-party firewalls, security tools, and VPN apps installed by users for their protection.

The feature known as the ContentFilterExclusionList, the list was included in macOS 11, also known as Big Sur. The exclusion list included some of Apple's biggest apps, like the App Store, Maps, and iCloud, and was physically located on disk at: /System/Library/Frameworks/NetworkExtension.framework/Versions/Current/Resources/Info.plist.

Its presence was discovered last October by several security researchers and app makers who realised that their security tools weren't able to filter or inspect traffic for some of Apple's applications.

Security researchers such as Patrick Wardle, and others, were quick to point out at the time that this exclusion risk was a security nightmare waiting to happen. They argued that malware could latch on to legitimate Apple apps included on the list and then bypass firewalls and security software.

Last modified on 15 January 2021
Rate this item
(2 votes)
Tagged under
More in this category: « Google claims to have closed Fitbit deal Trump yanks Huawei suppliers licences »
back to top

Most popular

Latest comments

Read more about: